I use ELK 5.0.1 + Filebeat 5.0.1.
I configure Filebeat to send json logs to Elasticsearch.
When I visualize the logs in Kibana, I have a lot of "unknown" field.
I want to filter some of this field like I can do with the "message" field.
How can I do this ?
You probably need to refresh Kibana's mapping cache. This doc page describes the process a bit
That solve my issue.
Thanks.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
