
I have Elasticsearch + APM + Kibana configured for my services. Every HTTP request is traced to APM. I'm currently capturing the body of all requests. The field which stores the body inside the APM index is `http.request.body.original`.

The field looks like this:

[image]

The problem is that I can't search inside that field. Something like `http.request.body.original : *testuser*` doesn't work. The body could be a simple JSON. Is there a way to allow searching in that field? I need to prepare a dashboard with the requests that contain a specific user inside the body.


Thanks.

UPDATE

HTTP mapping image of the apm-transaction index: [image]

Rubén M
  • Can you show the response of this call `GET your-index/_mapping/field/http.request.body.original`? It shows as searchable, but I think it's not – Val Feb 14 '23 at 13:44
  • The endpoint returns an empty value. Here is an image of the HTTP mapping. It's weird because in the APM view inside Kibana, I see an `http.request.body.original` field with its POST value as JSON but the mapping is not showing it. – Rubén M Feb 15 '23 at 11:40
  • You should search on `http.request.body.content` or `http.request.body.content.text` – Val Feb 15 '23 at 11:44

0 Answers