fluentd not parsing JSON log file entry

[jsnandini09]

I've seen a number of similar questions but none of the solutions solves my issue. Below are my configuration details Elasticsearch :7.3.0 Kibana :7.3.0 Fluentd deamonset: fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch Currently my logs are showing in kibana like this: "log": "{\"type\":\"response\",\"@timestamp\":\"2022-11-17T10:16:04Z\",\"tags\":[],\"pid\":1,\"method\":\"post\",\"statusCode\":200

I'm expecting to see the JSON pulled from the log: value somewhat like this

type: response
timestamp:"2022-11-17T10:16:04Z
tags: []
pid:1
method:post

My fluentd config is:

<source>
    @type tail
    path /var/log/containers/*.log
    pos_file /var/log/fluentd-containers.log.pos
    tag kubernetes.*
    exclude_path ["/var/log/containers/fluent*"]
    read_from_head true
    tag kubernetes.*
    <parse>
      @type multi_format
      <pattern>
        format json
        time_key time
        time_type string
        time_format "%Y-%m-%dT%H:%M:%S.%NZ"
        keep_time_key false
      </pattern>
      <pattern>
        format regexp
        expression /^(?<time>.+) (?<stream>stdout|stderr)( (?<logtag>.))? (?<log>.*)$/
        time_format '%Y-%m-%dT%H:%M:%S.%N%:z'
        keep_time_key false
      </pattern>
    </parse>
 </source>

 <filter kubernetes.var.log.containers.**.log>
  @type kubernetes_metadata
  </filter>

  <filter kubernetes.**>
  @type parser
  key_name log
  <parse>
    @type json
    json_parser json
  </parse>
  replace_invalid_sequence true
  remove_key_name_field true
  reserve_data true
  emit_invalid_record_to_error false 
  reserve_time true 
  </filter>

How do I get logs whose messages are in string format in JSON format

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

[github-actions[bot]]

This issue was automatically closed because of stale in 30 days