We are using ELK as a standalone deployment on bosh to get application logs from CF (v6). We deployed a new ELK for our prod environment and migrated the logs from old environment to new ELK. We are facing issue with logs as in the new ELK the org and space name and IDs are not present. The indices are getting created without the org and space name. Because of that except admin any other CF user are not able to view logs from Kibana. We checked the cf logs are working properly through CLI but ELK is not able to fetch or parse all the data properly.
We have 4 doppler in our CF deployment.
The firehose-to-syslog output of Dev and Prod environment is attached.
We are using the same setup in our dev and test environment and there we do not have this issue.
Can you please suggest which component is responsible for this issue? And what changes can we make to resolve this issue?
We are using ELK as a standalone deployment on bosh to get application logs from CF (v6). We deployed a new ELK for our prod environment and migrated the logs from old environment to new ELK. We are facing issue with logs as in the new ELK the org and space name and IDs are not present. The indices are getting created without the org and space name. Because of that except admin any other CF user are not able to view logs from Kibana. We checked the cf logs are working properly through CLI but ELK is not able to fetch or parse all the data properly. We have 4 doppler in our CF deployment. The firehose-to-syslog output of Dev and Prod environment is attached.
We are using the same setup in our dev and test environment and there we do not have this issue. Can you please suggest which component is responsible for this issue? And what changes can we make to resolve this issue?