Hi All,
I'm fairly new to logstash and ELK stack and I'm stuck in trying to ingest the json file from a filebeat instance.
I can receive the json entries from filebeat just fine but all values/fields are in the message field.
My goal is to take each field in the json file and make each of it a field in the index being created. But I'm stuck in the error that [_id] is a metadata and I've been trying to replace the field and even delete the field but failed to do so.
NOTE: the secua tag is being added fine. So I'm quite certain that Filebeat sends the json lines just fine.
The error is attached in this post * .
The config file is also attached on this post *
