I've modified logstash.conf so that it will parse the message from IIS logs and I am seeing results in the discover tab but unfortunately, it is not showing up in visualize. I am pretty sure this is because I have not modified fields.yml. Is there a way to get the variables parsed from grok to show in the visualize tab by editing fields.yml from Filebeat?
My fields.yml is unmodified from the elastic default from filebeat 7.2.0
My logstash.conf file is simple and only has a grok filter
That looks like either a filebeat of Kibana question, not a logstash question.
I'm not completely sure but my filebeat data has to go through Logstash and is parsed by Logstash.conf so I put it under Logstash. I will edit to add tags though, thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.