I am having an issue with my filebeat config
Exiting: Error while initializing input: When using the JSON decoder and multiline together, you need to specify a message_key value accessing
filebeat.yml file
filebeat.inputs:
- type: container
paths:
- '/var/lib/docker/containers/*/*.log'
multiline.pattern: '^{'
multiline.negate: true
multiline.match: after
json.keys_under_root: true
json.overwrite_keys: true
processors:
- add_docker_metadata:
host: "unix:///var/run/docker.sock"
- decode_json_fields:
fields: ["log"]
overwrite_keys: true
max_depth: 10
output.elasticsearch:
hosts: [elasticsearch:9200]
indices:
- index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
logging.json: true
logging.metrics.enabled: false
and my log format is
{"@timestamp":"2020-06-11T18:01:27.098Z", "log.level": "INFO", "message":"200 OK: GET - "url", "service.name":"service name","event.dataset":"","process.thread.name":"thread nmae","log.logger":"Application","service.type":"application","request_uuid":"request_uuid"}
and also, how can I set the parameters such as request_uuid under root instead of the message key.