Logstash Raw field mapping not applying


(Dan) #1

I've just installed a new ELK stack with Logstash 1.5, Elasticsearch 1.7, and Kibana 4. The flow for my logs is from nxlog -> logstash tcp input, through a json filter to rabbitmq output, then into another logstash instance with the rabbitmq input, through some mutate filters, and then finally into the elasticsearch output. The Elasticsearch output has all the default values.

The issue is that the .raw non-indexed fields don't seem to be getting any data in them. An example of this can be seen in the screenshot. I've refreshed Kibana so the field shows up in the list, but it is empty.

The template exists in Elasticsearch:

Ideally we'd like to use the non-indexed fields for aggregations. Any thoughts or assistance troubleshooting would be greatly appreciated.

