rdesgrange
(Rdesgrange)
September 21, 2016, 2:51pm
1
Hi,
I have a setup where filebeat send log to logstash, that process it through grok parser and then send it to Elasticsearch. Classic.
I just add this line in my logstash configuration :
useragent {
source => "http_user_agent"
target => "useragent"
}
In Kibana I can see the data, but kibana say to me "This field is not indexed thus unavailable for visualisation and search"
I didn't have problem with other field ? with this field aren't indexed ? I have the geoip plugin and field are correctly indexed.
In advance thanks
spinscale
(Alexander Reelsen)
September 21, 2016, 4:35pm
2
Hey,
the useragent
field usually contains some more sub fields. Is it possible that you havent specified a concrete one?
--Alex
rdesgrange
(Rdesgrange)
September 22, 2016, 7:58am
3
what do you mean by concreate one.
I have several sub fields, like build
, device
, etc... but where do I need to specify these field in order to index it ?
The thing I don't understand is why geoip
is indexed normaly (without any configuration) and not useragent.
rdesgrange
(Rdesgrange)
September 22, 2016, 8:15am
4
Ok I refresh the kibana index in Settings/Indices, and it's now indexed.
Sorry, I though that the field wasn't index in elasticsearch
Thanks for the help.