Closed polycaster closed 4 years ago
Got around this by adding an undocumented parameter to the input source.
It then became:
<source>
@type cloudwatch_logs
tag cloudwatch
log_group_name /aws/rds/instance/instancesrds-skyfallperf-postings/postgresql
log_stream_name instancesrds-skyfallperf-postings
fetch_interval 20
use_log_stream_name_prefix true
json_handler json
format /(?<message>.+)/
state_file /etc/fluent/rds_state.pos
</source>
Noticed this after reading through the code and it can be found on the Configure STS credentials
section as an example.
Problem
I want to use this plugin to input RDS logs from Cloudwatch which are not output in a JSON structure, however the plugin seems to only support JSON messages and i'm wondering why. I might be missing something here. ...
Steps to replicate
Now for every parsed log there will be the following:
Expected Behavior or What you need to ask
I would expect messages to be parsed regardless of format within the "message" parameter coming from the cloudwatch event. Is there a specific reason why these are mandatory to be valid JSON? ...
Using Fluentd and CloudWatchLogs plugin versions