Hey Everyone,
So I have Functionbeat working nicely with cloudwatch logs, we use Bunyan to do out logging in JSON format so, for example, some log messages look like this:
{
"name": "the_log",
"hostname": "ip-1-2-3-4",
"pid": 1,
"level": 30,
"msg": "Some Message",
"time": "2019-04-24T16:56:27.769Z",
"v": 0
}
I also added the following to the processor
processors:
- decode_json_fields:
when.regexp.message: '^{'
fields: ["message", "msg"]
process_array: true
max_depth: 5
overwrite_keys: true - add_host_metadata: ~
- add_cloud_metadata: ~
However, those fields don't appear to get indexed, a normal console.log appears fine but all the JSON bits are missing. Normally these fields just appear so I'm guessing there's something different with Functionbeat?
Thanks in advance
Marc