Hi All,
I create two index pattern in elasticsearch, one of the index patterns has message.raw field (logstash-, system default template?), but cannot found on the other one (miki-, created by myself),
Jason
You need to create a mapping template that handles that for you, just like how the Logstash one does.