elasticsearch – PostgreSQL integration for ELK is not mapping logs properly
The integration is ingesting logs from a CSV file and everything seems more or less ok, except that according to Elastic documentation the query body should be mapped to the postgresql.log.query field, however, in my case it’s mapped to the message field. Also I have 11 empty fields, however, I expect to see data in at least a few of them.
I’m configuring the PostgreSQL integration for ELK fleet. At this point I’m interested only in logs, so all of the metrics are disabled. I updated my PostgreSQL configuration to match this. Also I made sure that the PostgreSQL logging configuration stays as close to default as possible (except the changes suggested by Elastic). There are no logs on the agent that can suggest why such behaviour occurs.