28 May 2020, 12:55 p.m.
Hi Shawn,

On Thu, May 28, 2020 at 07:48:16AM -0400, Shawn Taylor wrote:
> I can't seem to find this configuration option in Kibana. I see the MESSAGE field in the document, but I assume that it's case sensitive and doesn't recognize that field?

Yes, fields in Lucene are case-sensitive (it's just JSON). You could of course change the field name to @message (I believe you need the @ char too) before sending it to ES. You can do this multiple ways, either by adding a rewrite rule in your logpath, or by changing the template in the elasticsearch destination as suggested by Bazsi. I suggest you read the documentation, or of course we can assist you further on this list.