Open pdelormekpler opened 1 year ago
@elastic/obs-cloud-monitoring fyi
@pdelormekpler the s3 object key unescaping on the PR you mentioned is indeed what makes the +
sign be translated to a space char.
see this go playground snippet if you want to understand what happens.
there is indeed a bug in the filebeat input, since we should unescape the s3 object key only when the value comes from an s3-sqs notification. in your case, since you are using the direct s3 listing input, the key is not escaped and we should not unescape it.
Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale
to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1
.
Thank you for your contribution!
Hi,
I'm testing the aws-s3 input in Filebeat to ship logs from S3 to ElasticSearch.
I'm using filebeat 8.5.2 with this input config:
Everything starts fine:
Logs:
In my s3 bucket, the path is:
NNN/insight_daily/daily_insight_content/2022-04-01T00:00:00+00:00/1.log
I saw a related PR merged, but it seems it's not working for "+" at least.
Thank you for your help.