Hi All,
we have now two different shippers sending logs to our es cluster (no logstash included).
FileBeat is sending the log-message itself in field "message" and fluentbit (we have limited control over its configuration because its centralized) sends the message in field "log".
Is there a efficient way (on es side) to rename the field "log" in the logs shipped by fluentbit to "message" ?
Thanks all and greetings!
I don't know if fluentbit supports using elasticsearch ingest pipelines.
If it does, just create a pipeline with a rename processor.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.