Using Filebeat with Large JSON logs

jamesjuxly · March 24, 2021, 7:58pm

Hello,

I'm using an ELK stack with filebeat to ship JSON logs from docker containers (kubernetes) to elastic. The problem I'm having is that large log entries seem to be skipped. Is there a setting to change to allow this to pick up ~200kb+ json objects to log?

  filebeat.yml: |-
    filebeat.config:
      inputs:
        # Mounted `filebeat-inputs` configmap:
        path: ${path.config}/inputs.d/*.yml
        # Reload inputs configs as they change:
        reload.enabled: false
      modules:
        path: ${path.config}/modules.d/*.yml
        # Reload module configs as they change:
        reload.enabled: false

    processors:
      - add_cloud_metadata: ~
      - decode_json_fields:
          when.regexp.message: '^{'
          fields: ["message"]
          target: ""
          overwrite_keys: true
      - drop_event:
          when.not.contains.message: "\"cid\":"


    output.elasticsearch:
      hosts: ["loggingelastic:9200"]

system · April 21, 2021, 9:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat log file input empty in Kibana Beats docker , filebeat	2	400	October 24, 2022
Filebeat lost lines from docker json log file Beats docker , filebeat	1	389	July 24, 2020
Filebeat 7.2 shipping to elastic cloud .yml - Error Decoding Json logs Beats filebeat	5	492	August 13, 2019
Log message truncated at 32k Beats filebeat	2	1580	May 6, 2019
Filebeat isn't filtering and sending huge logs Beats filebeat	8	576	October 4, 2018

Using Filebeat with Large JSON logs

Related topics