Hi, i have a question about filebeat elasticsearch module and it’s slowlog pipeline part. I found that in filebeat-7.7.0-elasticsearch-slowlog-pipeline-json which is default pipeline in fb 7.7.0 version, there is parsed elasticsearch.slowlog.duration field with long type. But i cannot find it in saved/parsed docs (logs) in elasticsearch, where that pipeline is installed and logs are send.
Log message is parsed by pipeline because i can see other fields, but this field which is pretty major for use is not. There is field elasticsearch.slowlog.took but it’s keyword and it’s useless for creating visualisations (longest slowlog query, etc…).
I found that in filebeat-7.7.0 index template mapping field elasticsearch.slowlog.duration is missing so is that some bug? Or i am missing something?
It's odd because of field like slowlog took which will be integer, slowlogs are useless for kibana's visualisations/dashboards. If you cannot sort or agregate by time how long slowlog took, you can't use that logs.