Unknown field - Filebeat json parsing

Hi.
Im using filebeat to send to Opensearch a preformatted json logfile. The files are parsing fine, but i have an unknown field and i don´t know why:

image752×353 15.3 KB

My log file :

{"data": {"affected_items": [{"cpu": {"cores": 8, "mhz": 2594, "name": "Intel Core Processor (Broadwell, no TSX, IBRS)"}, "ram": {"free": 14336760, "total": 16372160, "usage": 13}, "scan": {"id": 0, "time": "2024-05-09T08:47:30+00:00"}, "board_serial": " ", "agent_id": "058"}], "total_affected_items": 1, "total_failed_items": 0, "failed_items": []}, "message": "All specified syscollector information was returned", "error": 0}
{"data": {"affected_items": [{"cpu": {"cores": 8, "mhz": 2694, "name": "Intel(R) Xeon(R) Gold 6258R CPU @ 2.70GHz"}, "ram": {"free": 8709676, "total": 16362568, "usage": 47}, "scan": {"id": 0, "time": "2024-05-09T09:06:25+00:00"}, "board_serial": "None", "agent_id": "082"}], "total_affected_items": 1, "total_failed_items": 0, "failed_items": []}, "message": "All specified syscollector information was returned", "error": 0}

Filebeat config

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - syscollector.log
  json.keys_under_root: true
  json.add_error_key: true
  json.message_key: log
processors:
- drop_fields:
    fields: [ "message" , "error" ]
- add_tags:
    tags: ["wazuh", "sys-wazuh"]
output.logstash:
  hosts: ["x.y.x.v:port"]

Any ideas?

Thanks in advance

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance. See What is OpenSearch and the OpenSearch Dashboard? | Elastic for more details.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )