Hi, I don't understand why I cannot find any field in the select when trying to create a Log Threshold Alert in Kibana (7.17).
I can see data in Discover
I can see data in Discover
@mattia.borini this is due to the fact that your index contains only single field called "log" which essentially has the whole message as string text. You need to parse the events as JSON first to have the {property:value } pairing. Once those pairings are stored in ES, you will see the property list in your available fields list and can be used for alerting or monitoring purposes.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.