Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

JSON logs not seen as JSON by Subscription filter?

0

I'm trying to get our logs from cloudwatch into Kibana, but I've run into an unexpected problem. Our logs are JSON formatted, and show up as such in cloudwatch. When I go to create an Elasticsearch subscription filter, and choose the JSON format testing the filter pattern on the data from this log group just matches the whole json object as a string it puts under the message field. If I try to add a pattern, it seems to split the string on random delimiters (: , and space) and that wouldn't help anyway since the logs don't all have the same json fields.

Am I approaching this wrong?
How do I get json data from cloudwatch into elastic search with the fields being the same on either end?

Argomenti
Gestione e amministrazione
Tag
Amazon CloudWatch
Lingua
English
percosab
posta 4 anni fa861 visualizzazioni
1 Risposta
0

I figured this out. The JSON format was working, but all my log groups were going to the same index, once we fixed that they started showing up with all their fields in ES. I did end up adding a pattern, { $.written_ts > 500 }, just to sort out the actual JSON objects from the occaisional print() statement that I still need to find and remove.

percosab
con risposta 4 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente