Json upload using Data visualizer issue

Elastic Stack Kibana
1

I am trying to upload/index a simple json file using Kibana's Data Visualizer (under ML). I have 3 node elastic cluster and one kibana running on docker. It lets me upload the json, but when I look at the index it had put all my fields under @timestamp, field, message (all my fields go here). I haven't been able to figure out how to upload the json file correctly.
For eg, this is how my json got indexed:
(barcode, upload_time, dev_id, etc are all separate fields in my json, but it put all of them under message. I don't get what I did wrong)
{ "_index": "temperature1", "_type": "_doc", "_id": "0mqepnYBI_PmrchLebAL", "_score": 1.0, "_source": { "@timestamp": "2020-11-25T03:59:01.868674000Z", "field": "\"upload_time\"", "message": " \"upload_time\": \"2020-11-25T03:59:01.868674Z\"\r\n },\r\n {\r\n \"device_id\": \"xxxx\",\r\n \"device_data\": {\r\n \"ta\": \"26.51\",\r\n \"to\": \"35.79\",\r\n \"dev_id\": \"xxxx\",\r\n \"barcode\": \"164378\",\r\n \"file_name\": \"\",\r\n \"User-Agent\": \"rrrrr\"," } }

2 
{
  "_index": "temperature1",
  "_type": "_doc",
  "_id": "0mqepnYBI_PmrchLebAL",
  "_score": 1,
  "_source": {
    "@timestamp": "2020-11-25T03:59:01.868674000Z",
    "field": "\"upload_time\"",
    "message": """ "upload_time": "2020-11-25T03:59:01.868674Z"
 },
 {
 "device_id": "xxxx",
 "device_data": {
 "ta": "26.51",
 "to": "35.79",
 "dev_id": "xxxx",
 "barcode": "164378",
 "file_name": "",
 "User-Agent": "rrrrr","""
  }
}

Your message has a """ which means multi line and the closing to that ins't until after User-Agent. What are you using to generate this data?

I believe you are going for the below structure.

{
    "_index": "temperature1",
    "_type": "_doc",
    "_id": "0mqepnYBI_PmrchLebAL",
    "_score": 1,
    "_source": {
        "@timestamp": "2020-11-25T03:59:01.868674000Z",
        "field": "\"upload_time\"",
        "message": "",
        "upload_time": "2020-11-25T03:59:01.868674Z",
        "device_id": "xxxx",
        "device_data": {
            "ta": "26.51",
            "to": "35.79",
            "dev_id": "xxxx",
            "barcode": "164378",
            "file_name": "",
            "User-Agent": "rrrrr"
        }
    }
}
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.