Snippet from http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping.html
"Explicit mapping is defined on an index/type level. By default, there
isn’t a need to define an explicit mapping, since one is automatically
created and registered when a new type or new field is introduced (with no
performance overhead) and have sensible defaults."
Following is the JSON format of the log Logstash is generating:
{
"message" => "<6> Jan 9 07:19:26 w2k8r233110 0|TEST|TESTPRODUCT|8.0.1310|TestSignature|This is test message|Medium|src=10.31.252.102",
"@version" => "1",
"@timestamp" => "2014-02-25T06:52:52.930Z",
"type" => "syslog",
"host" => [
[0] "127.0.0.1:38989",
[1] "w2k8r233110"
],
"syslog_pri" => "6",
"timestamp" => "Jan 9 07:19:26",
"cef_version" => "0",
"device_vendor" => "TEST",
"device_product" => "TESTPRODUCT",
"device_version" => "8.0.1310",
"signature_id" => "TestSignature",
"message_content" => "This is test message",
"severity" => "Medium",
"src_ip" => "10.31.252.102"
}
But I can't see the fields in the Elasticsearch Kibana interface. Could anyone
please help me out?
--
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/6438c2fa-aacb-45cf-a19b-196c6aea6c3a%40googlegroups.com.
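As an added example (not code from the post, and not Logstash's or Elasticsearch's own code), here is a small Python parser that reproduces the field extraction the post's Logstash pipeline performed on the CEF-style syslog line. It splits the syslog priority, timestamp and host, then the seven CEF header fields (honouring CEF's `\|` escape for a literal pipe), and finally the `key=value` extension. The renaming of the CEF extension key `src` to `src_ip`, and the sample line itself, are assumptions taken from the event shown in the post, not from any Logstash configuration.

```python
import re

# Constructed sample: the "message" value from the post, reassembled on one line.
SAMPLE = ("<6> Jan 9 07:19:26 w2k8r233110 0|TEST|TESTPRODUCT|8.0.1310|"
          "TestSignature|This is test message|Medium|src=10.31.252.102")

# Syslog envelope: <PRI> then a BSD-style timestamp, a host, and the rest.
SYSLOG_RE = re.compile(
    r"^<(?P<syslog_pri>\d+)>\s*"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<cef>.*)$"
)

# CEF header fields in order, named as they appear in the post's event.
CEF_HEADER = ["cef_version", "device_vendor", "device_product",
              "device_version", "signature_id", "message_content", "severity"]

# Assumed rename of CEF extension keys to the field names seen in the post.
EXTENSION_RENAMES = {"src": "src_ip"}


def split_cef(body):
    """Split a CEF body on unescaped '|' (CEF escapes a literal pipe as '\\|')."""
    fields, cur, i = [], [], 0
    while i < len(body):
        c = body[i]
        if c == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    fields.append("".join(cur))
    return fields


def parse_extension(ext):
    """Parse 'k=v k2=v2 ...'; values may contain spaces, keys may not."""
    result = {}
    matches = list(re.finditer(r"(\w+)=", ext))
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        key = EXTENSION_RENAMES.get(m.group(1), m.group(1))
        result[key] = ext[m.end():end].strip()
    return result


def parse_event(line):
    """Return a dict with the same field names as the Logstash event in the post."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line: %r" % line)
    event = {"message": line,
             "syslog_pri": m.group("syslog_pri"),
             "timestamp": m.group("timestamp"),
             "host": m.group("host")}
    parts = split_cef(m.group("cef"))
    if len(parts) < len(CEF_HEADER):
        raise ValueError("CEF header has %d fields, expected %d"
                         % (len(parts), len(CEF_HEADER)))
    event.update(zip(CEF_HEADER, parts[:len(CEF_HEADER)]))
    # Pipes need not be escaped in the extension, so rejoin any remainder.
    event.update(parse_extension("|".join(parts[len(CEF_HEADER):])))
    return event


if __name__ == "__main__":
    for k, v in parse_event(SAMPLE).items():
        print("%-16s => %r" % (k, v))
```

Running it prints one line per field, matching the names in the post's event, which makes it easy to compare what the parser emits against what the index mapping actually contains.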