Filebeat decode json processor

venkat9731 · June 11, 2020, 6:20pm

I am having an issue with my filebeat config
Exiting: Error while initializing input: When using the JSON decoder and multiline together, you need to specify a message_key value accessing
filebeat.yml file

filebeat.inputs:
- type: container
  paths: 
    - '/var/lib/docker/containers/*/*.log'
  multiline.pattern: '^{'
  multiline.negate: true
  multiline.match: after
  json.keys_under_root: true
  json.overwrite_keys: true  

processors:
- add_docker_metadata:
    host: "unix:///var/run/docker.sock"  

- decode_json_fields:
    fields: ["log"]  
    overwrite_keys: true
    max_depth: 10

output.elasticsearch:
  hosts: [elasticsearch:9200]
  indices:
    - index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"

logging.json: true
logging.metrics.enabled: false

and my log format is

{"@timestamp":"2020-06-11T18:01:27.098Z", "log.level": "INFO", "message":"200 OK: GET - "url", "service.name":"service name","event.dataset":"","process.thread.name":"thread nmae","log.logger":"Application","service.type":"application","request_uuid":"request_uuid"}

and also, how can I set the parameters such as request_uuid under root instead of the message key.

system · July 12, 2020, 11:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat crashing on JSON decoder and multiline together specifying a message_key value error Beats filebeat	1	1526	May 8, 2019
How to get multiline JSON parsing configured? Beats filebeat	2	1928	December 12, 2020
Filebeat Multiline Docker Log Beats filebeat	7	2221	March 7, 2019
Filebeat: error json decode Beats docker , filebeat	2	374	October 27, 2021
Filebeat not parsing json in messages Beats filebeat	10	6682	June 5, 2018

Filebeat decode json processor

Related topics