Hi.
Im using filebeat to send to Elasticsearch a preformatted json logfile. The files are parsing fine, but i have an unknown field and i don´t know why:
Any ideas?
Thanks in advance
Víctor
hi @vdelcampo, what is the unknown field in this case? could not pinpoint it from the image.
Also, can you provide us with the filebeat config /pipelines etc where you process the log.
Hi Mariana.
In Kibana appears data.proto_msg.ratMsg.portfolioResp.portfolio field as unknown in Available fields. When i have a look in a message it looks like the image i posted. That field has those subfields and also are not availables. My Filebeat config file is:
filebeat.inputs:
-type: log
enabled: true
json.keys_under_root: true
json.add_error_key: true
json.message_key: log
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.elasticsearch:
hosts: ["x.x.x.x:9200"]
index: "rat-%{+yyyy.MM.dd}"
setup.template:
name: 'rat'
pattern: 'rat-*'
enabled: false
processors:
drop_fields:
fields: ["agent.ephemeral_id", "agent.hostname", "agent.id", "agent.type", "agent.version", "ecs.version", "input.type", "log.offset", "version", "host.name"]
setup.ilm.enabled: false
Regards
Víctor
Got it, the problem was with json files. That field has . I removed it an it works.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.