Hi All,
New to Kibana/ES. We have ES running on Azure with our application.
We have an apache2 log format which is configured using a config map, as below:
log-format: '"{"localServerName": "%v", "remoteHost": "%h", "identdUsername":
"%l", "remoteUser": "%u", "time": "%t", "responseTime": %D, "requestFirstLine":
"%r", "status": "%>s", "bytes": "%b", "referer": "%{Referer}i",
"userAgent": "%{User-agent}i"}"'
Now, when we see the logs in Kibana Discover, we are not seeing all the fields getting parsed as JSON.
Example log:
{"localServerName": "stage3.abc.se", "remoteHost": "1.1.1.1", "identdUsername": "-", "remoteUser": "-", "time": "[12/Jul/2019:17:31:27 +0000]", "responseTime": 20974, "requestFirstLine": "GET /ws/v2/users/rajiv.dantu HTTP/1.1", "status": "200", "bytes": "967", "referer": "https://abc.se", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0"}
What we see is the field called log with the full log value, but no specific fields getting updated with values.
Any idea why this happens and how to look at why it happens? Could it be that the Fluent Bit we are using is not able to parse the JSON?
Rajiv.
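
A small diagnostic for the question above (an added example, not part of the original post and not Fluent Bit code): it takes a record in the shape described, a single `log` field holding the raw line, and reports whether that string is itself valid JSON. The `diagnose` function and the two variant lines are constructed for illustration; the `\xhh` check reflects Apache's escaping of non-printable characters in `%r` and `%{...}i` values.

```python
import json
import re

# The example access-log line from the post, split across literals for width.
SAMPLE_LINE = (
    '{"localServerName": "stage3.abc.se", "remoteHost": "1.1.1.1", '
    '"identdUsername": "-", "remoteUser": "-", '
    '"time": "[12/Jul/2019:17:31:27 +0000]", "responseTime": 20974, '
    '"requestFirstLine": "GET /ws/v2/users/rajiv.dantu HTTP/1.1", '
    '"status": "200", "bytes": "967", "referer": "https://abc.se", '
    '"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) '
    'Gecko/20100101 Firefox/66.0"}'
)
# Constructed variants (not from the post): a literal quote wrapped around the
# object, and a header value carrying an Apache \xhh escape.
WRAPPED_LINE = '"' + SAMPLE_LINE + '"'
HEX_ESCAPED_LINE = r'{"remoteHost": "1.1.1.1", "userAgent": "probe\x09agent"}'

# Apache writes non-printable bytes in %r and %{...}i as \xhh, which JSON rejects.
APACHE_HEX_ESCAPE = re.compile(r"\\x[0-9a-fA-F]{2}")


def diagnose(record):
    """Classify one shipped record by what its "log" field contains."""
    if "log" not in record:
        return {"state": "already_parsed", "fields": sorted(record)}
    raw = record["log"].strip()
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as err:
        return {
            "state": "invalid_json",  # the line itself is the problem
            "error": err.msg,
            "position": err.pos,
            "near": raw[max(0, err.pos - 20):err.pos + 20],
            "apache_hex_escapes": APACHE_HEX_ESCAPE.findall(raw),
        }
    if not isinstance(doc, dict):
        return {"state": "not_an_object", "type": type(doc).__name__}
    # The line is well-formed; what remains is whether a JSON parser runs on it.
    return {"state": "valid_json_unparsed", "fields": sorted(doc)}


if __name__ == "__main__":
    for name, line in [("sample", SAMPLE_LINE), ("wrapped", WRAPPED_LINE),
                       ("hex", HEX_ESCAPED_LINE)]:
        print(name, diagnose({"log": line}))
```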