[syslog-ng] Forwarding to Elastic

Shawn Taylor staylor8 at ncsu.edu
Thu May 28 11:48:16 UTC 2020


Thanks Fabien,

I can't seem to find this configuration option in Kibana. I see the MESSAGE
field in the document, but I assume that it's case sensitive and doesn't
recognize that field?

Shawn

On Thu, May 28, 2020 at 3:58 AM Fabien Wernli <wernli at in2p3.fr> wrote:

> Hi Shawn,
>
> On Wed, May 27, 2020 at 04:24:11PM -0400, Shawn Taylor wrote:
> > I am running ES/Kibana 6.8.9-1 and am struggling with this issue.
> >
> >
> https://discuss.elastic.co/t/message-failed-to-find-message-in-kibana-logs/210522
> >
> > I have added my index to the *Logs Indices* field in the Logs
> configuration.
> >
> > When I look at the fields in a document I see a field called MESSAGE, but
> > not message.
> >
> > I do not see a way to add this field in the configuration. Is it possible
> > to have this document display in the Logs UI? Can I convert the fields in
> > syslog-ng to lowercase before forwarding them to elastic?
>
> I don't use the "logs app" in Kibana, so I'm afraid I'm limited in my
> ability to help you.
> That being said, the thread you mention has been solved by changing the
> name of the message column by the user:
>
>    You are right! My problem was that I was changing "message" field to
>    "message_log", so really "message" field didn't exist.
>    I have changed in Kibana Logs the "Log Columns" to add "message_logs"
>    and it works now!
>
> So it seems you can change the name of the columns in kibana, and in your
> case, assuming you're using the default syslog-ng config, it should be
> MESSAGE.
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>

-- 
Shawn Taylor
Security Applications Technologies
NC State University
1575 Varsity Drive
Raleigh NC 27606
919.515.8507
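For the question raised in the quoted message (emitting lowercase field names from syslog-ng so the Kibana Logs UI picks up `message` without touching the column settings), here is an added example configuration. It is not from the thread or from the syslog-ng documentation; it assumes syslog-ng 3.21 or later (the version that ships the `elasticsearch-http()` destination), an Elasticsearch 6.8 node reachable at the made-up address `es.example.internal:9200`, and a syslog source on UDP/514. The key point is that the JSON keys Elasticsearch sees come from the `format-json` template, not from the macro names: the default template (`--scope rfc5424`) emits keys such as `MESSAGE` and `HOST` verbatim, which is why the document shows `MESSAGE`; naming the pairs explicitly gives you whatever case you want.

```conf
@version: 3.22
@include "scl.conf"   # elasticsearch-http() is an SCL block, so scl.conf is required

# Added example, not part of the original thread.
# Assumptions: syslog-ng >= 3.21, Elasticsearch 6.8 at es.example.internal:9200,
# syslog arriving on UDP/514. Adjust to your environment.

source s_net {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

destination d_es {
    elasticsearch-http(
        url("http://es.example.internal:9200/_bulk")      # assumed host
        index("syslog-ng-${YEAR}.${MONTH}.${DAY}")         # daily index, matches "syslog-ng-*" in Logs Indices
        type("_doc")                                       # ES 6.x still requires a mapping type
        # Explicit name=value pairs: the left-hand side is the Elasticsearch field name,
        # the right-hand side is the syslog-ng macro. Macros stay uppercase; the
        # resulting JSON keys are lowercase, plus @timestamp for the Logs UI.
        template("$(format-json message=${MESSAGE} host=${HOST} program=${PROGRAM} pid=${PID} severity=${LEVEL} facility=${FACILITY} @timestamp=${ISODATE})")
        workers(2)
        batch-lines(100)
        batch-timeout(1000)
    );
};

log {
    source(s_net);
    destination(d_es);
};
```

With this template a document indexed from a line such as `sshd[1234]: Failed password for root` carries `message`, `host`, `program`, `pid`, `severity`, `facility` and `@timestamp` as its top-level fields, which is the shape the Logs UI expects by default; nothing has to be renamed on the Kibana side. If you would rather keep the default template (`--scope rfc5424 ...`) for the other fields, add `message=${MESSAGE}` as an extra pair to it and, if you do not want both, add `--exclude MESSAGE` so the uppercase copy is not emitted as well. Check the result with `syslog-ng --syntax-only` and then a single `GET syslog-ng-*/_search?size=1` against the cluster before changing the Logs Indices pattern.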

