Thanks Fabien, I can't seem to find this configuration option in Kibana. I see the MESSAGE field in the document, but I assume that it's case sensitive and doesn't recognize that field?

Shawn

On Thu, May 28, 2020 at 3:58 AM Fabien Wernli <wernli@in2p3.fr> wrote:
Hi Shawn,
On Wed, May 27, 2020 at 04:24:11PM -0400, Shawn Taylor wrote:
I am running ES/Kibana 6.8.9-1 and am struggling with this issue.
https://discuss.elastic.co/t/message-failed-to-find-message-in-kibana-logs/2...
I have added my index to the *Logs Indices* field in the Logs configuration.
When I look at the fields in a document I see a field called MESSAGE, but not message.
I do not see a way to add this field in the configuration. Is it possible to have this document display in the Logs UI? Can I convert the fields in syslog-ng to lowercase before forwarding them to elastic?
I don't use the "logs app" in Kibana, so I'm afraid I'm limited in my ability to help you. That being said, the thread you mention has been solved by changing the name of the message column by the user:
You are right! My problem was that I was changing "message" field to "message_log", so really "message" field didn't exist. I have changed in Kibana Logs the "Log Columns" to add "message_logs" and it works now!
So it seems you can change the name of the columns in Kibana, and in your case, assuming you're using the default syslog-ng config, it should be MESSAGE.
--
Shawn Taylor
Security Applications Technologies
NC State University
1575 Varsity Drive
Raleigh NC 27606
919.515.8507
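The syslog-ng side of the question above (renaming the field before it is forwarded, instead of changing the column in Kibana), as an added example that is not from this thread: an elasticsearch-http() destination whose format-json template drops the default MESSAGE key and emits a lowercase message key, which is the name the Kibana Logs app expects. The destination and source names, the Elasticsearch URL and the index name are assumptions for illustration, and elasticsearch-http() requires syslog-ng 3.21 or later.

```conf
# Added example, not the thread's own configuration. Names, URL and index
# are placeholders; adjust to your environment.
#
# The default template ($(format-json --scope rfc5424 ...)) names the
# message body after the MESSAGE macro, so the document carries "MESSAGE".
# Excluding that key and adding "message=${MESSAGE}" emits the lowercase
# field instead, while keeping the rest of the rfc5424 fields and any
# structured-data (.SDATA.*) name-value pairs with their leading dot removed.
destination d_elastic_lowercase {
    elasticsearch-http(
        url("http://es-host:9200/_bulk")      # assumed Elasticsearch endpoint
        index("syslog-ng")                    # assumed index name
        type("_doc")                          # mapping type still required on ES 6.x
        template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --scope nv-pairs --exclude DATE --exclude MESSAGE --key ISODATE @timestamp=${ISODATE} message=${MESSAGE})")
    );
};

log {
    source(s_local);                          # assumed existing source
    destination(d_elastic_lowercase);
};
```

After reloading syslog-ng, check one new document in Kibana's Discover view: it should carry message and @timestamp, and no MESSAGE field.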