Lost .raw fields after creating custom index


(Sameer Dharur) #1

I just created a custom index using the following config but I don't see the .raw fields anymore - which I need to carry out the desired visualizations. Could somebody please explain exactly what I need to do and how I should go about doing it? Thanks!

Here's my config -

I have modified my config to the following but still getting the same default date-based name for the index. Any suggestions?

input {
  file {
    path => "C:/ELK/logstash-2.2.2/sample.log"
    type => "sample"
    start_position => "beginning"
    sincedb_path => "C:/ELK/logstash-2.2.2/dbfiles"
  }
}

filter {
  # The timezone group was a bare "(?[+-]\d\d\d\d)", which is not a valid
  # regex group; it is written as a non-capturing group here so the pattern compiles.
  grok {
    match => { "message" => "%{DAY:day}\s%{MONTH:month}\s%{MONTHDAY:monthday}\s%{YEAR:year}\s%{TIME:time}\sGMT(?:[+-]\d\d\d\d)\s([^)]+)\s%{NUMBER:temp}\s%{NUMBER:light}\s%{GREEDYDATA:room}" }
  }
}

output {
  elasticsearch {
    index => "templightlogs"
  }
  stdout {}
}


(Magnus Bäck) #2

This is really a Logstash question that you might want to move to the Logstash category.

This is because the index template that ships with Logstash and is installed on the ES cluster by default only covers indexes whose names match logstash-*. You should make a copy of that template, adjust the index name pattern, and have your elasticsearch output use your template file instead.
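As an added illustration (not part of the original thread and not Logstash's shipped file), here is what such a copied template looks like once the name pattern is changed to `templightlogs*`. It follows the shape of the Logstash 2.x default template for Elasticsearch 2.x: the `string_fields` dynamic template is what creates the `.raw` `not_analyzed` multi-field on every string; the explicit `float` mappings for `temp` and `light` are an assumption added so the grok'd numbers can be charted.

```json
{
  "template": "templightlogs*",
  "settings": { "index.refresh_interval": "5s" },
  "mappings": {
    "_default_": {
      "_all": { "enabled": true, "omit_norms": true },
      "dynamic_templates": [
        {
          "message_field": {
            "match": "message",
            "match_mapping_type": "string",
            "mapping": { "type": "string", "index": "analyzed", "omit_norms": true }
          }
        },
        {
          "string_fields": {
            "match": "*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "string",
              "index": "analyzed",
              "omit_norms": true,
              "fields": {
                "raw": { "type": "string", "index": "not_analyzed", "ignore_above": 256 }
              }
            }
          }
        }
      ],
      "properties": {
        "@timestamp": { "type": "date" },
        "@version": { "type": "string", "index": "not_analyzed" },
        "temp": { "type": "float" },
        "light": { "type": "float" }
      }
    }
  }
}
```

Save it as a file and point the output at it with `template => "C:/ELK/templightlogs-template.json"`, `template_name => "templightlogs"` and `template_overwrite => true` inside the `elasticsearch { }` block; the template only applies to indexes created after it is installed, so an existing `templightlogs` index has to be deleted and re-indexed to get the `.raw` fields.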
