Json message storing with message. extension in index

harijld · July 15, 2022, 9:24am

Hi Team, I have small query here.
I am sending json messag on Kafka queue and indexing the same in Elasticsearch. It is inserting properly but all the fields are storing with message.field extension. Is there any parameter do i need to include in the logstash config file to remove this message. extension.

logsstash config file -

input {
    kafka {
      bootstrap_servers => "XX.XX.XX.XX:9092"
          topics => ["logmes"]
    }
}

filter {

        json {
                source => "message"
             }
         }


output {
  elasticsearch {
    hosts => "https://XX.XX.XX.XX:9200"
    index => "tibco-app-logs"
    user => "elastic"
    password => "XXXXXXXXX"
    cacert => "/etc/logstash/elk-stack.crt.pem"
    ssl_certificate_verification => false
  }
}

Elasticsearch data -

Badger · July 15, 2022, 3:26pm

Since you have not given any indication what you JSON structure is, it is impossible to say.

Topic		Replies	Views
Determining Elasticsearch index from message Logstash	2	545	July 6, 2017
Logstash pipeline for kafka message Logstash	4	514	July 27, 2022
Index JSON data from kafka to elatsicsearch Logstash	1	290	March 19, 2019
Json is storing as string in es Logstash	5	2767	August 11, 2017
How to configure logstash to index json logs including all fields Logstash	6	5038	July 6, 2017

Json message storing with message. extension in index

Related topics