I use Filebeat to grab my Docker logs. Most of these are plain text. However, for self-created services I like to use Serilog for structured logging, and it therefore formats the logs in Elasticsearch format.
Is it possible to somehow enable JSON decoding partially, and let non-JSON logs go through as though JSON decoding wasn't enabled? Possibly by configuring multiple container inputs and filtering appropriately?
I already tried enabling JSON decoding, but then all non-JSON logs will result in an Elasticsearch error, which ironically also fails as the log message is a cropped JSON body.
That's what I was hoping you could tell me.
How would I add such a processor so that it would send the message as is if it is plain text, or decode the message if it is JSON?
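
One way to get the behaviour asked about above, as an added example that is not part of the original thread: leave JSON decoding off at the input and run Filebeat's `decode_json_fields` processor only when the line looks like a JSON object. The container log path and the `app` target name are assumptions; adjust them to your setup.

```yaml
# filebeat.yml (added example, not from the original thread)
filebeat.inputs:
  - type: container
    # Assumed default Docker log location.
    paths:
      - /var/lib/docker/containers/*/*.log
    # No json.* settings here: every line arrives as plain text in "message".

processors:
  - decode_json_fields:
      # Only attempt decoding when the line starts with "{".
      # Plain-text lines skip this processor and are shipped unchanged.
      when:
        regexp:
          message: '^\s*\{'
      fields: ["message"]
      # Decode into a namespace ("app" is a hypothetical name) instead of the
      # event root, so container-controlled JSON cannot replace fields such as
      # @timestamp, host or container.* that detections and audits rely on.
      target: "app"
      overwrite_keys: false
      # If a line starts with "{" but is not valid JSON (for example a cropped
      # body), record the decode error on the event instead of hiding it.
      add_error_key: true
```

Decoding under a separate target also keeps Serilog's field types from colliding with the mappings that the plain-text events already use in the same index.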