I am running ES/Kibana 6.8.9-1 and am struggling with this issue.
I have added my index to the Logs Indices field in the Logs configuration.
When I look at the fields in a document I see a field called MESSAGE, but not message.
I do not see a way to add this field in the configuration. Is it possible to have this document display in the Logs UI? Can I convert the fields in syslog-ng to lowercase before forwarding them to Elastic?
Thanks,
Shawn