I have recently set up Functionbeat to ship AWS CloudWatch logs to Elasticsearch.
How do I format the message into multiple fields: timestamp, log_id, log_level and the actual message?
I want to parse the message field so that it becomes log_timestamp, log_id, level, and the object that's remaining is the message.
expected:
{
  ...
  log_timestamp: "2020-10-02T08:45:37.404Z",
  log_id: "77b5e840-0269-4877-99cb-dbdfb4b97094",
  level: "INFO",
  message: {
    event: 'INSERT',
    payload: {
      person_id: 'd6db17f9-f366-46b1-b5bd-127aebb05c2c',
      game_id: 'a0038f96-b268-415d-bb12-1738f46e377e'
    }
  }
}
Is there something prebuilt that already does this? I saw this in the documentation https://www.elastic.co/guide/en/beats/functionbeat/current/functionbeat-installation-configuration.html#setup-assets but I'm not sure what it is, and it didn't change anything.
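The "setup assets" step linked above only loads the index template, ILM policy and Kibana dashboards; it does not parse message contents. Field extraction in Functionbeat is done with processors attached to the function in functionbeat.yml. The fragment below is an added example, not from the original post or from the Functionbeat project. It assumes the raw CloudWatch line lands in the `message` field in the tab-separated layout the Lambda Node.js runtime writes (`<ISO timestamp>\t<request id>\t<level>\t<text>`), that `<text>` is valid JSON, that the function name and log group are placeholders, and that the Functionbeat version in use has a `dissect` processor that supports `overwrite_keys` (a 7.x feature).

```yaml
# Added example (not the project's own config). Assumptions:
#   - each CloudWatch line is in `message` as: <timestamp>\t<request id>\t<level>\t<text>
#   - <text> is valid JSON, e.g. produced by console.log(JSON.stringify(obj))
#   - function name and log group name are placeholders
functionbeat.provider.aws.functions:
  - name: cloudwatch-to-es                      # placeholder function name
    enabled: true
    type: cloudwatch_logs
    triggers:
      - log_group_name: /aws/lambda/my-function # placeholder log group
    processors:
      # 1. Split the line on tabs. An empty target_prefix writes the keys at the
      #    root of the event instead of under "dissect". The remainder is written
      #    back into `message`, which requires overwrite_keys.
      - dissect:
          tokenizer: "%{log_timestamp}\t%{log_id}\t%{level}\t%{message}"
          field: "message"
          target_prefix: ""
          overwrite_keys: true
      # 2. Parse the remaining text as JSON. With no `target` set, the decoded
      #    object replaces the string in `message`, giving message.event and
      #    message.payload.* as separate fields.
      - decode_json_fields:
          fields: ["message"]
          max_depth: 2
```

One caveat that matters for the expected output shown in the post: the nested object there uses single quotes (`event: 'INSERT'`), which is what `console.log(obj)` in Node produces via `util.inspect`, and that is not JSON. `decode_json_fields` will log a decode error and leave `message` as a plain string in that case. Logging `JSON.stringify(obj)` from the Lambda instead makes step 2 succeed. Also check the delimiter in a real line first: if the runtime or a custom logger separates the fields with spaces rather than tabs, change the `\t` in the tokenizer to match, otherwise `dissect` fails and the event passes through unparsed.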