hi.
I have a rabbitmq->Logstash->elasticSearch pipeline .When i look at the data being sent to elastic search, i see that some times, there is a short_message and long_message while other times there is just short_Message,
Is there a way, i can make it consistent to have both short_message and long_message and if that's not an option, how do i check if long_message is present and retrieve my data from there ?
I have found the root cause, as short_message and full_message were generated by Gelf appender for log4net. There was size limit being used (250 char limits) internally that determined which field to use message data. Changed Appender to send always both fields with data in required place, worked.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.