[09:42:26] <hashar>	 I looked a bit at the dlq events on Kibana, I wanted to search against the "original" field which is the original event serialized to json modules/profile/files/logstash/filter_scripts/dlq_transformer.rb
[09:43:07] <hashar>	 and somehow, I can not filter against that "original" field:  "Unindexed fields can not be searched"
[09:44:58] <hashar>	 and indeed it shows as a string type which is not searchable https://logstash.wikimedia.org/app/management/kibana/indexPatterns/patterns/19d32430-85d8-11eb-8ab2-63c7f3b019fc#/?_a=h@9293420 
[15:48:44] <cwhite>	 hashar: that is expected behavior for that field. `log.original` stores the original data for reference purposes and does not index it to mitigate index bloat
[18:18:56] <hashar>	 cwhite: I thought it could have been indexed just like any other kind of strings, eg without interpolating its content. But that might make the index larger I guess
[18:19:57] <hashar>	 cwhite: my use case was to find some restbase errors I spotted earlier in the week and I wanted to filter out on those to see more or less when it started.   Then obviously the proper way is to fix the wrong field type
[18:20:54] <hashar>	 then I wanted to find whether we could have the event 'message' field to be indexed, so one could at least triage the faulty messages, file out a task and get them addressed
[18:21:13] <hashar>	 that was my friday exploration -8^)