You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -131,7 +131,7 @@ PUT _ingest/pipeline/filebeat* <1>
<1> `_ingest/pipeline/filebeat*`: The name of the pipeline. Update the pipeline name to match the name of your data stream. For more information, refer to {fleet-guide}/data-streams.html#data-streams-naming-scheme[Data stream naming scheme].
<2> `processors.dissect`: Adds a {ref}/dissect-processor.html[dissect processor] to extract structured fields from your log message.
<3> `field`: The field you're extracting data from, `message` in this case.
<4> `pattern`: The pattern of the elements in your log data. The pattern varies depending on your log format. `%{@timestamp}`, `%{log.level}`, `%{host.ip}`, and `%{message}` are common {ecs-ref}/ecs-reference.html[ECS] fields. This pattern would match a log file in this format: `2023-11-07T09:39:01.012Z ERROR 192.168.1.110 Server hardware failure detected.`
<4> `pattern`: The pattern of the elements in your log data. The pattern varies depending on your log format. `%{@timestamp}` is required. `%{log.level}`, `%{host.ip}`, and `%{message}` are common {ecs-ref}/ecs-reference.html[ECS] fields. This pattern would match a log file in this format: `2023-11-07T09:39:01.012Z ERROR 192.168.1.110 Server hardware failure detected.`
Refer to <<logs-stream-parse>> for more on using ingest pipelines to parse your log data.
