Filebeats is throwing this error but it is not configured to do any json processing. Any thoughts?
{"level":"warn","timestamp":"2019-01-17T21:55:19.132Z","caller":"elasticsearch/client.go:521","message":"Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbf085c22ea8d145c, ext:1783841419872, loc:(*time.Location)(0x20ee1e0)}, Meta:common.MapStr(nil), Fields:common.MapStr{"offset":1096845, "tags":string{"docker-container"}, "prospector":common.MapStr{"type":"log"}, "host":common.MapStr{"name":"elastic-filebeat-t797m"}, "beat":common.MapStr{"name":"elastic-filebeat-t797m", "hostname":"elastic-filebeat-t797m", "version":"6.5.3"}, "message":"{\"log\":\" \\\"/bin/service-init/index.js\\\"\\n\",\"stream\":\"stdout\",\"time\":\"2019-01-17T20:18:27.924421093Z\"}", "source":"/var/lib/docker/containers/b84b2109973f370c30c3a0f95256c57466e0b9bbfd344569e7e3657aa03b0a23/b84b2109973f370c30c3a0f95256c57466e0b9bbfd344569e7e3657aa03b0a23-json.log", "input":common.MapStr{"type":"log"}, "meta":common.MapStr{"cloud":common.MapStr{"provider":"ec2", "region":"us-east-1", "availability_zone":"us-east-1a", "instance_id":"REDACTED", "machine_type":"t2.large"}}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc42024bba0), Source:"/var/lib/docker/containers/b84b2109973f370c30c3a0f95256c57466e0b9bbfd344569e7e3657aa03b0a23/b84b2109973f370c30c3a0f95256c57466e0b9bbfd344569e7e3657aa03b0a23-json.log", Offset:1096960, Timestamp:time.Time{wall:0xbf085a6556afd133, ext:1508152014, loc:(*time.Location)(0x20ee1e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x1f871dc, Device:0xca02}}}, Flags:0x1} (status=400): {"type":"mapper_parsing_exception","reason":"object mapping for [log_json] tried to parse field [log_json] as object, but found a concrete value"}"}
My configuration for this path:
- type: log
paths:- /var/lib/docker/containers/*/*.log
tags: ["docker-container"]
processors:
- add_kubernetes_metadata:
in_cluster: true