in the this shttps://www.elastic.co/blog/how-to-centralize-logs-with-rsyslog-logstash-and-elasticsearch-on-ubuntu-14-04ample , the elastic doc stored as following:
{
"@timestamp" : "2015-11-18T18:45:00Z",
"@version" : "1",
"message" : "Your syslog message here",
"sysloghost" : "hostname.example.com",
"severity" : "info",
"facility" : "daemon",
"programname" : "my_program",
"procid" : "1234"
}
why some field, like and has a '@' sign prepend while others not ?
what is the logic behind it?
appreciate any help!
I think it started in Logstash as a convention for meta fields.
There is no specific behavior in elasticsearch regarding those names.
appreciate the insight! Thank you.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.