Log.original field lost with upgrade 8.6.1 from 1.5.3

We used to use the log.original field a lot for our searches in Kibana, but since the upgrade of the Elastic.CommonSchema.Nlog package, I can't seem to find this field anymore. Also, it looks like the log template we depend on isn't being logged now.

Has anyone else faced this? Am I missing something, or is there a new way to access these features after the upgrade? Any tips or suggestions would be really helpful.

Thanks in advance!

Hi @ridvandev Welcome to the community.

Cool that you have been using Elasticsearch for so long. However, from 1.5.3 there have been many, many changes...

What are you using to ingest your logs?

Probably the closest to what you are looking for is the event.original field, but whether that is available for every log is not necessarily the case.

You might be able to use a field alias or runtime field to "recreate/access" log.original.

It also depends on whether that field was a text field or keyword.

Hi @stephenb, thank you for the quick reply!

I think I couldn't explain myself quite right.
We updated the Elastic.CommonSchema.Nlog package version from 1.5.3 to 8.6.1.
With this upgrade, we lost the field log.original, but we got log.origin.file.name and log.origin.function instead, which are always empty.
There is no event.original field, unfortunately.

We are using the Nlog.Targets.ElasticSearch package to ingest logs to elastic-stack.

Hmm, I am probably not the right person to answer that; I will ping someone.

I see version 1.6 etc. for the NLog, and 8.6.1 is the version of the Stack, not NLog (I am guessing).

When I look at the page I see the layout still contains...

      "original":"Info {ValueX} {SomeY}"

I will see if I can ping someone
