Sep 6, 2018 · 1 min read
Nice blog! I have a similar setup, but the raw JSON logs are not being parsed by Fluentd as you say. Kibana parses them to show as separate fields, but Elasticsearch still shows them as a string under the log field. Since they are not JSON fields, they are not searchable fields, which almost totally defeats the purpose of splitting them.