Hi,
For one of my projects I'm trying to sue ELK for logging ansible events. I'm suing callback module from https://github.com/ujenmr/ansible-logstash-callback. And it communicates with logstash and logstash sends it to elastic., and everything looks ok, but there is always "but"
At Logstash level ansible_result is string.
{"ansible_type":"task","level":"INFO","ansible_result":"{"changed": false, "debug": "", "msg": "XXXX", "results": [{"login_encrypt_method": {"msg": "Zadovoljavajuci algoritam sazimanja sha512", "status": "true"}}], "stderr": null, "stdout": " password hashing algorithm is sha512\n", "stdout_lines": [" password hashing algorithm is sha512"]}","session":"XXX","message":"ansible ok","type":"ansible","ansible_playbook":"security-.yml","ansible_task":"Provjera primjene enkripcije na md5 ili ili shaX (kao argument uzima se tip potpisa)","logger_name":"python-logstash-logger","status":"OK"}
One of the most information from here is ansible_result, but logstash receives input as json.dump, like string, and elastic saves this field as string not as json.
So what I'm trying to accomplish here to have structure like:
"ansible_results":{
"changed":"true",
"msg": "Somme message"...
}
So i can be searchable using Kibana.
I've also tried to form by removing trailing staring " and ending " character, so logstash sends it to elastic as json, but than it doesn't logs anything in elasticsearch.
I don't have so much experince with cases like this one, so any ides would be great.
Thanks