Hi team!
Is there a error will be if i name my logstash’s parsed fields “server”, “message”, “client”. I was unable to see this parsed fields in graylog but see they in “stdout { codec => rubydebug }” output.
Once i have rename these fields to “server1”, “message1”, “client1” they appeared in graylog. Is they like “reserver” fields? If yes why it is denied to name custom values like reserver? And where can find full list of reserver fields?
Thank you.
“message” is kind of a reserved field. The other two fields (“server” and “client”) should have shown up.
Thank you jochen,
How i can get all reserved field list? For what purpose reserved fields is?
The reserved fields are being used for various functions in Graylog, for example “message” is the default message shown in the web interface.
Thank you jochen.
I thought internal graylog-template has reserved fields and custom user fields. For which then is graylog-template in elasticsearch?
The index template is required so that certain fields in Elasticsearch have a defined type (instead of being “auto-detected” by Elasticsearch).
See http://docs.graylog.org/en/2.3/pages/configuration/elasticsearch.html#custom-index-mappings for details.
Got it now.
Thank you.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
