Observability field composition of Stream Logs message

b790718 · May 12, 2025, 2:39pm

Elasticsearch: v8.11.0
Kibana: v8.11.0
Filebeat: v8.11.0
APM Agent: nodejs v8.10.0

I use winston logger with ecs-winston-format.
I am so confused about what field composition of Stream Message is ?
When I set ecsFomat config > convertReqRes : true, Stream Logs message first "" is always empty.
I can't find the field composition of message in document

weltenwort · May 12, 2025, 3:03pm

Hi @b790718,

I agree this doesn't look perfect. What the UI attempts to do here is to interpolate the event.dataset field. This is part of the message reconstruction heuristics, which go astray sometimes.

If you're on a recent version of the Elastic Stack, you might want to try out Discover in a Kibana space configured for Observability: Explore logs in Discover | Elastic Docs

Nowadays Discover adapts its rendering to suit the use-case better when the data viewed are log entries.

Topic		Replies	Views
Log UI failed to format message from Logs	5	3566	February 5, 2019
Kibana infra/logs displaying "undefined" for ECS-formatted events Logs	6	1144	May 12, 2020
Discover: Field data loading is forbidden on message Kibana	2	1588	July 6, 2017
Easily parseable log format (ideally, CEF format) in ELS / Kibana / Fluentd Elasticsearch	1	865	July 14, 2017
Customizing message field for Ecs logging method of java applications Beats ecs-elastic-common-schema , filebeat	3	773	July 15, 2020

Observability field composition of Stream Logs message

Related topics