How to parse functionbeat cloudwatch logs

Kay_Khan · October 2, 2020, 8:57am

I have recently setup functionbeat to ship aws cloudwatch logs to elasticsearch.

How do i format the message into multiple fields; timestamp, log_id, log_level and the actual message.

I want to parse the message fields. So that it becomes log_timestamp, log_id, level and the object thats remaining is the message.

expected:

{
...
log_timestamp: "2020-10-02T08:45:37.404Z",
log_id: "77b5e840-0269-4877-99cb-dbdfb4b97094",
level: "INFO",
message: {
  event: 'INSERT',
  payload: {
    person_id: 'd6db17f9-f366-46b1-b5bd-127aebb05c2c',
    game_id: 'a0038f96-b268-415d-bb12-1738f46e377e'
  }
}
}

Is there something prebuilt that already does this. i saw this in the documentation https://www.elastic.co/guide/en/beats/functionbeat/current/functionbeat-installation-configuration.html#setup-assets but not sure what it is and it didint change anyhthing.

system · October 30, 2020, 10:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Functionbeat not using timestamp from CloudWatch logEvent Beats functionbeat	3	627	June 25, 2019
Functionbeat JSON logs Beats	1	333	May 22, 2019
How to extract JSON from lambda-generated cloudwatch logs with Functionbeat? Beats functionbeat	1	667	July 19, 2021
[AWS] Functionbeat to logstash config problem Beats functionbeat	5	724	March 27, 2019
Decode_json_fields with message field Beats functionbeat	3	969	September 7, 2020

How to parse functionbeat cloudwatch logs

Related topics