Add json parsing doc section for Filebeat on Kubernetes #22621
Conversation
Signed-off-by: chrismark <[email protected]>
|
Pinging @elastic/integrations-platforms (Team:Platforms) |
botelastic
bot
added
needs_team
💚 Build Succeeded
Expand to view the summary
Build stats
❕ Flaky test reportNo test was executed to be analysed. |
|
Hey @ChrsMark, i think you wanted to mention @dedemorton 😃 |
🤦🏼 you r right! sorry for this! |
Signed-off-by: chrismark <[email protected]>
Signed-off-by: chrismark <[email protected]>
| paths: | ||
| - "/var/log/containers/*-${data.kubernetes.container.id}.log" | ||
| processors: | ||
| - decode_json_fields: |
There was a problem hiding this comment.
Should this one still be json.*?
|
|
||
| It is common case when collecting logs from workloads running on Kubernetes that these | ||
| applications are logging in json format. In these case, special handling can be applied so as to | ||
| parse these json logs properly and decode them into fields. Bellow there are provided 3 different ways |
There was a problem hiding this comment.
I think we should be more opinionated here, adding just 2 options. One for template based autodiscover and another one for hints based autodiscover. I would go for json.* as it gives the user more freedom down the line (multiline/line filtering happens after JSON decoding).
Signed-off-by: chrismark <[email protected]>
|
@exekias fixed, could you have another look please? |
(cherry picked from commit b0da5cb)
Adds documentation section about json parsing for Filebeat on Kubernetes.
Closes #22516
@dedemorton do you think I should add it in the new docs guide we are preparing?