fluent-plugins-nursery / fluent-plugin-cloudwatch-logs

CloudWatch Logs Plugin for Fluentd
MIT License

Nested JSON Output #255

Closed atze234 closed 9 months ago

atze234 commented 9 months ago

Hello,

I'm parsing my logs using Grok patterns with the fluent-plugin-grok-parser. Having such a pattern in a filter, for example:

<filter matcher>
  @type parser
  key_name message
  reserve_data true
  <grok>
    pattern "^%{IP:[http][request][client][ip]} %{DATA}"
  </grok>
</filter>

This will create the field "[http][request][client][ip]" in CloudWatch Logs. Is it possible somehow that I can put nested JSON directly to CloudWatch?

What I expect in CloudWatch Logs:

{
    "host": "myhostname",
    "message": "192.168.0.1 message-from-ip",
    "http": {
        "request": {
            "client": {
                "ip": "192.168.0.1"
            }
        }
    }
}

But I got in CloudWatch:

{
    "host": "myhostname",
    "message": "192.168.0.1 message-from-ip",
    "[http][request][client][ip]": "192.168.0.1"
}

I'm using the fluent-package from the Debian repository with these plugins: fluent-plugin-cloudwatch-logs (0.14.3), fluent-plugin-grok-parser (2.6.2)
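
The difference between the two records above, as an added example that is not part of the original issue and is not code from either plugin: a plain Ruby sketch that expands bracket-path keys such as "[http][request][client][ip]" into nested hashes before a record is serialized. The names `expand_bracket_keys`, `insert_path`, `BRACKET_PATH` and `SAMPLE` are hypothetical, and where this logic would be hooked into a Fluentd pipeline is left open.

```ruby
require "json"

# Added example: not code from fluent-plugin-cloudwatch-logs or fluent-plugin-grok-parser.
# A key qualifies only if it consists entirely of [segment] groups.
BRACKET_PATH = /\A(?:\[[^\[\]]+\])+\z/

# Walk/create the hashes along path and set the leaf. Returns false, leaving
# root's content unchanged, when the path collides with existing data.
def insert_path(root, path, value)
  node = root
  path[0..-2].each do |segment|
    child = node.key?(segment) ? node[segment] : {}
    return false unless child.is_a?(Hash)   # e.g. "http" already holds a string
    node = (node[segment] = child.dup)      # copy so the caller's record is not mutated
  end
  return false if node.key?(path.last)      # never overwrite an existing leaf
  node[path.last] = value
  true
end

# Returns a new record with bracket-path keys nested; on a collision the
# original flat key is kept so no log field is silently dropped.
def expand_bracket_keys(record)
  out = {}
  flat = {}
  record.each do |key, value|
    if key.is_a?(String) && key.match?(BRACKET_PATH)
      flat[key] = value
    else
      out[key] = value
    end
  end
  flat.each do |key, value|
    path = key.scan(/\[([^\[\]]+)\]/).flatten
    out[key] = value unless insert_path(out, path, value)
  end
  out
end

# Constructed sample: the record the issue reports seeing in CloudWatch Logs.
SAMPLE = {
  "host" => "myhostname",
  "message" => "192.168.0.1 message-from-ip",
  "[http][request][client][ip]" => "192.168.0.1"
}.freeze

puts JSON.pretty_generate(expand_bracket_keys(SAMPLE)) if __FILE__ == $0
```

Keeping the flat key on a collision means a field such as the client IP stays searchable even when an earlier stage has already written a conflicting top-level value.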

github-actions[bot] commented 9 months ago

@atze234 this issue was automatically closed because it did not follow the issue template.