I'm trying to mask some values in the logs but looks like it's not working because of the log format.
Here is the format:
"_source": {
"log": "2021-01-24 07:15:37 +0000 [warn]: #0 dump an error event: error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error=\"400 - Rejected by Elasticsearch\" location=nil tag=\"myapp-tag\" time=2021-01-24 07:15:32.694763042 +0000 record={\"method\"=>\"GET\", \"path\"=>\"/404\", \"format\"=>\"html\", \"controller\"=>\"ErrorsController\", \"action\"=>\"not_found\", \"status\"=>404, \"duration\"=>2.66, \"view\"=>0.38, \"params\"=>{\"path\"=>\"/etc/<canary>\", \".ico\"=>nil}, \"app_name\"=>\"myapp-name\", \"host\"=>\"host.com\", \"remote_id\"=>\"123.213.78.179\"}\n"
For example, how do I access app_name?