Hello
We use docker, configurer to send logs through Fluent Bit to Elastic Search.
When the log get out from FluentBit to ElasticSearch, the field Log who contain a JSON is encapsulated in quotes, making it parsed as a string but EL and thus not efficient for index.
I tried to modify the parsers.conf on Fluent Bit with:
Decode_Field_As escaped_utf8 log do_next
Decode_Field_As json log
but nothing works.
Any clue ?