I'm having a log file from my cron-service with the format like this:
ISO_time|job_name|job_status
Example:
2020-03-16T06:30:02+00:00|clean_up_database|0
2020-03-16T06:30:03+00:00|random_job|1
How can I parse those fields with dissect processor and convert the status_code at the end to an integer? I updated the annotation of the pod with the following command but it didn't work:
kubectl annotate pods <pod_name> co.elastic.logs/enabled=true --overwrite
kubectl annotate pods <pod_name> co.elastic.logs/processors.1.dissect.target_prefix='' --overwrite
kubectl annotate pods <pod_name> co.elastic.logs/processors.1.dissect.tokenizer='%{time}|%{job.name}|%{job.status_code}' --overwrite
kubectl annotate pods <pod_name> co.elastic.logs/processors.2.convert.fields='{from: "job.status_code", type: "integer"}' --overwrite
kubectl annotate pods <pod_name> co.elastic.logs/processors.3.timestamp.field='time' --overwrite
kubectl annotate pods <pod_name> co.elastic.logs/processors.3.timestamp.layouts='2020-03-16T04:05:02.234Z' --overwrite
kubectl annotate pods <pod_name> co.elastic.logs/processors.3.timestamp.test='2020-03-16T04:05:02+00:00' --overwrite
kubectl annotate pods <pod_name> co.elastic.logs/processors.4.drop_fields.fields='time' --overwrite
I really appreciate anyone who can help me out 