K
Q

Filebeat and json logs from Kubernetes not working

12/30/2019

I've setup a sample Kubernetes cluster using minikube with Elasticsearch and Kibana 6.8.6, and Filebeat 7.5.1.

My application generate log messages in json format {"@timestamp":"2019-12-30T21:59:48+0000","message":"example","data":"data-462"}

I can see the log message in Kibana, but my json log is embedded inside "message" atribute as a string:

enter image description here

I configured json.keys_under_root: true to no effect (as stated in documentation: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html#filebeat-input-log-config-json)

My configuration:

  filebeat.yml: |-
    migration.6_to_7.enabled: true

    filebeat.config:
      modules:
        path: ${path.config}/modules.d/*.yml
        reload.enabled: false

    filebeat.autodiscover:
      providers:
        - type: kubernetes
          hints.enabled: true
          hints.default_config.enabled: false
          json.keys_under_root: true
          json.add_error_key: true

    output.elasticsearch:
      hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
      username: ${ELASTICSEARCH_USERNAME}
      password: ${ELASTICSEARCH_PASSWORD}
  kubernetes.yml: |-
    - type: docker
      containers.ids:
      - "*"
      processors:
        - add_kubernetes_metadata:
            in_cluster: true

I need the "message" and "data" fields as separate fields in Kibana.

What I'm missing?

-- Eduardo Ito
filebeat
json
kubernetes
minikube

Similar Questions

traefik kubernetes crd health check
Completely remove Kubernetes
How to verify cluster network policy configuration/support
Spring Security - Google OAuth 2.0 - UnknownHostException www.googleapis.com

1 Answer

1/1/2020

Try adding json.message_key: message in your filebeat configuration

-- Tummala Dhanvi
Source: StackOverflow