I am now using Flume to collect logs into ElasticSearch, and the logs are in JSON format. However, when I check them in ES, it seems that Flume has put the entire JSON log in the @message attribute. Is there any config to set, or do I need to do some coding to separate them into different columns as ES always does?
BTW, I found that ttl does not seem to be working in ElasticSearch. I'm using Flume 184.108.40.206.
Any clue would be appreciated.