New to ES - Want to use Kibana to search JSON message fields


(John-5) #1

I'm trying to use ElasticSearch & Kibana to drill into JSON message logs,
but the only Fields I can see or search on are:
@timestamp
@version
message

"message" is a string in JSON format that contains various data fields that
I want to be able to search on, for example:
{"ClientSubSystem":"Indexer", "CodeVersion":"13.4.03",
"SessionDuration_seconds":145.23, "DataLoadsAttempted":15,
"BytesLoaded":125846713}

The actual number of fields may vary depending on the message - there will
be a core set of common fields in all messages, and then a possible set of
additional fields that will vary depending on the particular analysis needs
of the subsystem developers. I'm hoping to allow for complex JSON messages,
if possible. (Nested JSON objects, arrays, values of different types, etc.)

I'm using Logstash to feed ElasticSearch, and suspect I need to correctly
set up some kind of templates, mappings, etc., but nothing I've tried
allows me to drill into the message JSON fields using Kibana.

Can anyone provide any hints?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
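One way to get the JSON inside `message` broken out into searchable fields is the Logstash `json` filter, which parses the string and turns every key (including nested objects and arrays) into an event field that Elasticsearch will then dynamically map. The pipeline below is an added example and not part of the original post or the Logstash project; it assumes a current Logstash (the `hosts =>` form of the `elasticsearch` output; old 1.x releases used `host`), a hypothetical log path, and an Elasticsearch node on localhost:

```logstash
input {
  # Assumption: the application writes one JSON document per line to these files.
  file {
    path => "/var/log/myapp/*.log"      # hypothetical path, adjust to your layout
    start_position => "beginning"
  }
}

filter {
  # Parse the JSON string held in "message". "target" nests the parsed keys
  # under "app" so application-controlled field names cannot collide with
  # or overwrite pipeline fields such as @timestamp, host or tags, and so a
  # subsystem that emits unusual keys only pollutes the "app.*" namespace.
  json {
    source         => "message"
    target         => "app"
    tag_on_failure => ["_jsonparsefailure"]
  }

  # Malformed input is kept intact and tagged rather than dropped, so that
  # broken or unexpected log lines remain visible in Kibana (search for
  # tags:_jsonparsefailure). Well-formed events no longer need the raw copy.
  if "_jsonparsefailure" not in [tags] {
    mutate { remove_field => ["message"] }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "app-logs-%{+YYYY.MM.dd}"
  }
}
```

With this in place the sample record from the post is indexed as `app.ClientSubSystem`, `app.CodeVersion`, `app.SessionDuration_seconds`, `app.DataLoadsAttempted` and `app.BytesLoaded`; the numeric values arrive as JSON numbers, so dynamic mapping types them as numbers and Kibana can do range queries and aggregations on them. Two caveats: Elasticsearch fixes a field's type from the first value it sees (a subsystem that once sends `"CodeVersion": 13` would make later string versions fail to index), so core fields that must always have a given type belong in an index template; and because every distinct key becomes a mapped field, a subsystem free to invent keys can grow the mapping without bound, which is one more reason to keep those keys namespaced under `target` where they can be reviewed. After changing the mapping, refresh the field list for the index pattern in Kibana so the new `app.*` fields appear.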


(system) #2