I use filebeat to grab my Docker logs. Most of these are plain text. However, for self-created services I like to use Serilog for structured logging and it therefore formats the logs in elasticsearch format.
Is it possible to somehow enable json decoding partially, and let non-json logs go through as though json decoding wasn't enabled? Possibly by configuring multiple container inputs and filtering appropriately?
I already tried enabling json decoding, but then all non-json logs will result in an elasticsearch error, which ironically also fails as the log message is a cropped json body.