I think this is the same issue where we were working on key_value() to extract the fields and that wouldn’t work either… we had arrived at the point where I had noted to add a few more debug messages into the pipeline… did those show as being added to the message? From what we were seeing the work was being done but it was not being written to Elasticsearch… That is odd behavior and the behavior in this thread where it doesn’t like simple regex searches is strange as well…
Can you run one of these (depending on what OS you have):
dpkg -l | grep -E ".*(elasticsearch|graylog|mongo).*"
--or--
yum list installed | grep -E ".*(elasticsearch|graylog|mongo).*"
Also which Java version you are using?
$ java -version
openjdk version "1.8.0_312"
OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
OpenJDK 64-Bit Server VM (build 25.312-b07, mixed mode)
