JSON logs not seen as JSON by Subscription filter?

0

I'm trying to get our logs from CloudWatch into Kibana, but I've run into an unexpected problem. Our logs are JSON formatted, and show up as such in CloudWatch. When I go to create an Elasticsearch subscription filter and choose the JSON format, testing the filter pattern on the data from this log group just matches the whole JSON object as a string, which it puts under the message field. If I try to add a pattern, it seems to split the string on random delimiters (: , and space), and that wouldn't help anyway since the logs don't all have the same JSON fields.

Am I approaching this wrong?
How do I get JSON data from CloudWatch into Elasticsearch with the fields being the same on either end?

asked 4 years ago, 861 views
1 Answer
0

I figured this out. The JSON format was working, but all my log groups were going to the same index; once we fixed that, they started showing up with all their fields in ES. I did end up adding a pattern, { $.written_ts > 500 }, just to sort out the actual JSON objects from the occasional print() statement that I still need to find and remove.

answered 4 years ago
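
A local model of how the pattern from the answer above sorts events, added here as an example and not part of the original post or any AWS code. The names `compile_pattern` and `split_events` and the sample lines are constructed for illustration, and only a single top-level numeric comparison is modelled.

```python
import json
import operator
import re

# Simplified local model of a CloudWatch Logs JSON filter pattern of the form
# { $.field OP number }. Not AWS code: one top-level field, numeric compare only.
_PATTERN = re.compile(r"^\{\s*\$\.(\w+)\s*(>=|<=|>|<|=)\s*(-?\d+(?:\.\d+)?)\s*\}$")
_OPS = {">": operator.gt, "<": operator.lt, ">=": operator.ge,
        "<=": operator.le, "=": operator.eq}

def compile_pattern(pattern):
    """Return a predicate that says whether a raw log message matches."""
    m = _PATTERN.match(pattern.strip())
    if not m:
        raise ValueError("unsupported pattern: %r" % pattern)
    field, op, number = m.groups()
    compare, threshold = _OPS[op], float(number)

    def matches(message):
        try:
            event = json.loads(message)
        except ValueError:
            return False              # stray print() output is not JSON
        if not isinstance(event, dict):
            return False              # bare JSON scalars/arrays have no $.field
        value = event.get(field)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False              # field missing or not numeric
        return compare(value, threshold)

    return matches

def split_events(pattern, messages):
    """Partition messages into (forwarded, dropped) for the given pattern."""
    matches = compile_pattern(pattern)
    forwarded = [m for m in messages if matches(m)]
    return forwarded, [m for m in messages if m not in forwarded]

# Constructed sample events (not from the original post).
SAMPLE = [
    '{"written_ts": 1617181920, "level": "INFO", "msg": "user login"}',
    "debug: got here",
    '{"level": "ERROR", "msg": "handler failed"}',
    '{"written_ts": 0, "msg": "clock not set"}',
]

if __name__ == "__main__":
    sent, dropped = split_events("{ $.written_ts > 500 }", SAMPLE)
    print("forwarded:", sent, "dropped:", dropped)
```

Besides the plain-text line, the two JSON events without a usable `written_ts` are also excluded, so a filter like this keeps well-formed events out of the destination index whenever that field is missing or too small.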