Unable to index one field..please help

Hi All,

I am using bind log parser to parse the logs and at the same time have created a translate_plugin to create dictionary_path and adding customised field but I am not sure how to index that field using logstash-template.json?

Can someone please help me on this?

translate {
field => "query"
destination => "malicious_domain"
refresh_interval => 20
dictionary_path => '/etc/logstash/isndoms.yaml'
}

I need to Index malicious_domain field; please help me on this!!

Ok - I guess I did not refresh the index that resolved the issue..

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.