Hi everyone,

I am now using Flume to collect logs into ElasticSearch, and the logs are in JSON format. However, when I check them in ES, it seems that Flume has put the entire JSON log in the @message attribute. Is there any config to set, or do I need to do some coding to separate them into different columns as ES always does?

BTW, I found that ttl does not seem to be working in ElasticSearch. I'm using Flume

Any clue would be appreciated.