Raw log message in kibana

Hello,

We have a requirement to send the entire raw log message along with the parsed data.
This will allow the users to view the parsed data as well as the raw log.
Can someone let me know if this is feasible?

Not fully sure I understand the question. If this is a requirement, it's more about adding this as a field, right?

One question to think about is your mapping in this case: whether this field needs to be searchable or not, so either this is a 'text' field, or you only need to return the data in a search response.

I would like the raw log message as a field, something like below.
Let me know how to do it.

Raw log:

"192.168.0.1 - - [05/Feb/2018:12:00:00 +0900] "GET / HTTP/1.1" 200 777"

Some tools work exactly like that (beats). How do you index your data?

We use fluentd as an agent to send logs to Elasticsearch.
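As an added example (not code from the thread or from fluentd), this parses the sample access-log line from above into fields while keeping the untouched line under a `message` field, which is the record shape fluentd's `parser` filter produces when `reserve_data true` is set; it also shows the two mapping choices for that field raised earlier in the thread. The field names and the `index: false` keyword mapping are assumptions for illustration.

```python
import json
import re

# Apache/nginx common log format, matching the sample line quoted in the thread.
COMMON_LOG = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+)(?: +(?P<path>\S*) +(?P<protocol>\S*))?" '
    r'(?P<code>\d{3}) (?P<size>\d+|-)$'
)


def parse_with_raw(raw: str, raw_field: str = "message") -> dict:
    """Parse a common-log line and keep the unmodified line under raw_field.

    This is the same record shape fluentd's parser filter emits with
    ``reserve_data true``: parsed keys are merged in and the original survives.
    """
    m = COMMON_LOG.match(raw)
    if m is None:
        # Unparseable line: still ship the raw text so nothing is lost.
        return {raw_field: raw, "parse_error": True}
    doc = {k: v for k, v in m.groupdict().items() if v is not None}
    doc["code"] = int(doc["code"])
    doc["size"] = 0 if doc["size"] == "-" else int(doc["size"])
    doc[raw_field] = raw  # raw line kept alongside the parsed fields
    return doc


def raw_field_mapping(searchable: bool) -> dict:
    """Mapping for the raw field: full-text searchable, or returned only.

    With index=false the value is still returned from _source (and shown in
    Kibana) but is not added to the inverted index and cannot be queried.
    """
    if searchable:
        return {"type": "text"}
    return {"type": "keyword", "index": False, "doc_values": False}


# Constructed sample: the line quoted in the thread.
SAMPLE = '192.168.0.1 - - [05/Feb/2018:12:00:00 +0900] "GET / HTTP/1.1" 200 777'

if __name__ == "__main__":
    print(json.dumps(parse_with_raw(SAMPLE), indent=2))
    mapping = {"properties": {"message": raw_field_mapping(searchable=False)}}
    print(json.dumps(mapping, indent=2))
```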
