Hello List,

I’m trying to understand the use case of pattern_db when the destination will be ES. My initial understanding was that I could use patterndb as an engine to tag my log message data with attributes, but it doesn’t seem to work that way. I have a JSON output like this in Kibana. In a loghost deployment, it looks like I would need to manually align a patterndb filter with each host_message type even before patterndb comes into play.

Q) What is the right solution for enriching message data into ES?

Example JSON from Kibana
MESSAGE is not parsed.
=======================
{
  "_index": "syslog-ng_2016.09.12",
  "_type": "syslog-ng",
  "_id": "AVcdnzJla9VjMdxDYo8Z",
  "_score": null,
  "_source": {
    "PROGRAM": "###-asa11",
    "PRIORITY": "warning",
    "MESSAGE": "%ASA-4-106023: Deny tcp src outside:###.###.31.2/33553 dst public:###.###.7.191/443 by access-group \"outside_access_in\" [0x2c1c6a65, 0x0]",
    "ISODATE": "2016-09-12T13:57:03-04:00",
    "HOST": "###.###.###.###",
    "FACILITY": "local5",
    "@timestamp": "2016-09-12T13:57:03-04:00"
  },
  "fields": {
    "ISODATE": [
      1473703023000
    ],
    "@timestamp": [
      1473703023000
    ]
  },
  "sort": [
    1473703023000
  ]
}