[syslog-ng] Forwarding to Elastic

Fabien Wernli wernli at in2p3.fr
Thu May 28 07:58:48 UTC 2020


Hi Shawn,

On Wed, May 27, 2020 at 04:24:11PM -0400, Shawn Taylor wrote:
> I am running ES/Kibana 6.8.9-1 and am struggling with this issue.
> 
> https://discuss.elastic.co/t/message-failed-to-find-message-in-kibana-logs/210522
> 
> I have added my index to the *Logs Indices* field in the Logs configuration.
> 
> When I look at the fields in a document I see a field called MESSAGE, but
> not message.
> 
> I do not see a way to add this field in the configuration. Is it possible
> to have this document display in the Logs UI? Can I convert the fields in
> syslog-ng to lowercase before forwarding them to elastic?

I don't use the "logs app" in Kibana, so I'm afraid I'm limited in my
ability to help you.
That being said, the thread you mention has been solved by changing the name
of the message column by the user:

   You are right! My problem was that I was changing "message" field to
   "message_log", so really "message" field didn't exist.
   I have changed in Kibana Logs the "Log Columns" to add "message_logs" and it
   works now!

So it seems you can change the name of the columns in kibana, and in your
case, assuming you're using the default syslog-ng config, it should be
MESSAGE.
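For the syslog-ng side of Shawn's question, here is an added example of a configuration that emits a lower-case `message` key in the documents sent to Elasticsearch, so the Logs UI finds it without renaming columns in Kibana. This is not Fabien's or the syslog-ng project's configuration; the Elasticsearch hostname, port and index name are constructed assumptions, and the `type("_doc")` option is assumed because the page names ES 6.8, which still requires a mapping type.

```conf
@version: 3.22
@include "scl.conf"

# Constructed example: read local logs and forward them to Elasticsearch.
source s_local {
    system();
    internal();
};

# The stock elasticsearch-http() template is
#   $(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})
# which serialises the syslog-ng macros under their upper-case names, so the
# document carries MESSAGE, HOST, PROGRAM and so on.  Excluding MESSAGE and
# adding an explicit message=${MESSAGE} pair yields the lower-case key the
# Logs UI looks for, while the rest of the document is unchanged.
destination d_elastic {
    elasticsearch-http(
        url("http://elastic.example.test:9200/_bulk")   # assumed host and port
        index("syslog-ng")                               # assumed index name
        type("_doc")                                     # needed on ES 6.x
        template("$(format-json --scope rfc5424 --exclude DATE --exclude MESSAGE --key ISODATE @timestamp=${ISODATE} message=${MESSAGE})")
    );
};

log {
    source(s_local);
    destination(d_elastic);
};
```

Before reloading, `syslog-ng -s -f /path/to/this.conf` checks the syntax; afterwards, a document fetched from the index should show `message` alongside `HOST`, `PROGRAM` and `@timestamp`, with no `MESSAGE` field. If other fields also need lower-case names, the same pattern applies: exclude the macro and add a `name=${MACRO}` pair for each.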


