I’m trying to add a json extractor with a string matcher to an input. When I do the data for my stream stops showing up in search. The extractor works when I ‘try’ it and the stats for it look like it’s matching input records. How do you search on extracted data? I think there is something basic that I’ve missed but not sure.
Is the answer that we need to add mappings to the elasticsearch indices for newly extracted fields? that would explain why the records stop showing up in search when I add the extracted fields
what can you find in your Graylog server.log when you enable the extractor?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.