Hi,
I have a C++ application with a custom logging framework.
I was able to modify the framework quite easily to produce ECS-formatted JSON messages. Now, I am trying to use FileBeat to load these log messages into Elastic.
The C++ application is already using WinHTTP to call various REST services, so I thought to just use WinHTTP, too, to send the events to FileBeat.
So far, my FileBeat configuration looks like this:
- type: http_endpoint
enabled: true
listen_address: "0.0.0.0"
listen_port: 5046
content_type: ""
prefix: "json"
preserve_original_event: true
processors:
- decode_json_fields:
fields: ["event.original"]
overwrite_keys: true
expand_keys: true
add_error_key: true
target: ""
- drop_fields:
fields: ["event.original", "json" ]
ignore_missing: true
However, I feel that there might be a better way.
If I just change prefix to "", I receive an error message in the Filebeat log that key names cannot be empty.
Any ideas on how this can be improved?