Hi Shawn, On Wed, May 27, 2020 at 04:24:11PM -0400, Shawn Taylor wrote:
I am running ES/Kibana 6.8.9-1 and am struggling with this issue.
https://discuss.elastic.co/t/message-failed-to-find-message-in-kibana-logs/2...
I have added my index to the *Logs Indices* field in the Logs configuration.
When I look at the fields in a document I see a field called MESSAGE, but not message.
I do not see a way to add this field in the configuration. Is it possible to have this document display in the Logs UI? Can I convert the fields in syslog-ng to lowercase before forwarding them to elastic?
I don't use the "logs app" in Kibana, so I'm afraid I'm limited in my ability to help you. That being said, the thread you mention has been solved by changing the name of the message column by the user: You are right! My problem was that I was changing "message" field to "message_log", so really "message" field didn't exist. I have changed in Kibana Logs the "Log Columns" to add "message_logs" and it works now! So it seems you can change the name of the columns in kibana, and in your case, assuming you're using the default syslog-ng config, it should be MESSAGE.