kibana - Logstash not adding fields
I am using Logstash 1.4.2 and have the following conf file.
I expect to see in Kibana, in the "fields" section on the left, the options "received_at", "received_from", "description", but I don't.
I see
- @timestamp
- @version
- _id
- _index
- _type
- host
- path
I see in the _source section on the right side the following...
received_at:2015-05-11 14:19:40 UTC
received_from:pgp02
description:error1!
So how come these don't appear in the list of "popular fields"?
I'd like to filter the right side to not show every field in the _source section on the right. Excuse the redaction blocks.

    input {
      file {
        path => "c:/servererrlogs/office-log.txt"
        start_position => "beginning"
        sincedb_path => "c:/tools/logstash-1.4.2/office-log.sincedb"
        tags => ["product_qa", "office"]
      }
      file {
        path => "c:/servererrlogs/dis-log.txt"
        start_position => "beginning"
        sincedb_path => "c:/tools/logstash-1.4.2/dis-log.sincedb"
        tags => ["product_qa", "dist"]
      }
    }
    filter {
      grok {
        match => ["path","%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"]
        match => [ "message", "%{TIMESTAMP_ISO8601:logdate}: %{LOGLEVEL:loglevel} (?<logmessage>.*)" ]
        add_field => [ "received_at", "%{@timestamp}" ]
        add_field => [ "received_from", "%{host}" ]
      }
      date {
        match => [ "logdate", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSSSSSSSS" ]
      }
      # logdate is parsed into the timestamp, so remove it and the original log message
      mutate {
        remove_field => ['message', 'logdate' ]
        add_field => [ "description", "error1!" ]
      }
    }
    output {
      elasticsearch {
        protocol => "http"
        host => "0.0.0.x"
      }
    }

Update:
I have tried searching with a query like:
tags: data , loglevel : info
then saving the query, and reloading the page.
But I still don't see loglevel appearing in 'popular fields'.

If the fields don't appear on the left side, it's a Kibana caching problem. Go to Settings->Indices, select the index, and click the orange refresh button.