Hi guys,
I noticed today that for some pods log messages are available in the message field, while for others they in the msg field. Is there some way to merge this field or make them all available over a pointer that links merges the result of both of them?
If you have Logstash in your pipeline you can do all kind of alteration to your logs, e.g.
filter {
if [msg] {
mutate {
rename => { "msg" => "message" }
}
}
}
See
https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html
I am using fluentd actually for log collection 
I'm sure fluentd have similar functionality... OR you can switch to FluentBit, forward logs to a Logstash instance then to Elasticsearch. 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.