Hi, I'm using nxlog to send logs from Windows eventlog to elasticsearch, and using Kibana view. I'm getting all the message as it is in the 'Message' column, I want to re-order it so the hostname parameter will be the windows server (and not the elasticsearch server), add 'Type' to the messages, etc. this is the configuration file of nxlog: * 55.2.110.4=elasticsearch server <Extension json>  Module xm_json </Extension> # Nxlog internal logs <Input internal>    Module im_internal    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; </Input>   # Windows Event Log <Input eventlog> # Uncomment im_msvistalog for Windows Vista/2008 and later    Module im_msvistalog   # Uncomment im_mseventlog for Windows XP/2000/2003 #   Module im_mseventlog      Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; </Input>   <Output out>    Module om_http    URL  https://55.2.110.4:443    HTTPSAllowUntrusted    TRUE </Output>   <Route 1>    Path internal, eventlog => out </Route>   this is an example message from kibana:   Field Action Value @timestamp   2015-09-08T07:35:47.064Z @version   1 _id   AU-r4dtqVULqkki94YkZ _index   logstash-2015.09.08 _type   logs host   55.2.110.4 http_port   5005 message   2015-09-08 07:35:43 dc-prod-zone-a.organization.com AUDIT_SUCCESS 4634 An account was logged off. Subject: Security ID: S-1-5-21-1595779987-1987268195-2987234418-1104 Account Name: DC-PROD-ZONE-C$ Account Domain: ORGANIZATION Logon ID: 0x679381 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.     Thanks a lot