-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nested JSON map parsing not working #1409
Comments
I tried to rollback to |
message key is not parsed by default, on that case you can use the decoder
…On Thu, Jun 27, 2019, 20:26 Rafael Fonseca ***@***.***> wrote:
I tried to rollback to edsiper/fluent-bit-1.2-next:5 and that didn't
work. Rolling back to fluent/fluent-bit:1.1.2 makes it work better (but
no parsing of message key).
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1409?email_source=notifications&email_token=AAC2INSBVWMA3L75NTOE7WLP4VZEHA5CNFSM4H4BDMJ2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYY3Y6Q#issuecomment-506575994>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAC2INVKHTTMWXZ6UYW6UOTP4VZEHANCNFSM4H4BDMJQ>
.
|
Closing this ticket, the solution is to use Decoder in your parser but applied to message key. |
Sorry @edsiper but this isn't resolved. While I can add the decoder to the I will retrace my steps again to confirm one more time. |
Hi @rafaelmagu, is this working better with 1.2.2? |
Hi @servo1x, it does not work for me. I have settled on |
Does this issue have a solution? same issue here. |
Hi, I do have this issue with 1.3 docker image. This is from fluentbit container log stdout
Value for This is my parsers.conf
|
If you are using Fluent Bit >= 1.2 you have to get rid of the decoder: https://docs.fluentbit.io/manual/installation/upgrade_notes#fluent-bit-v-1-2 |
Bug Report
Describe the bug
Nested JSON maps in a Kubernetes service's stdout log do not get parsed in 1.2.0.
To Reproduce
I'm using the Helm chart for Fluent Bit. Here is
fluent-bit-config
ConfigMap:Original log message from container stdout:
Object as displayed in Kibana:
{\"@timestamp\":\"2019-06-28T00:01:23.500Z\",\"@version\":\"1\",\"message\":\"172.22.10.250 - - [2019-06-28T00:01:23.500Z] \\\"GET /healthcheck HTTP/1.1\\\" 200 -1\",\"method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status_code\":200,\"requested_url\":\"GET /healthcheck HTTP/1.1\",\"requested_uri\":\"/healthcheck\",\"remote_host\":\"172.22.10.250\",\"remote_user\":\"-\",\"content_length\":-1,\"elapsed_time\":1}
Expected behavior
I expected the nested JSON map to be parsed correctly, and the keys available as indexed fields in Elasticsearch.
Your Environment
Additional context
This was mostly working with
edsiper/fluent-bit-1.2-next:5
, except for the fact that one field wasn't fully parsed (note the extra backslashes):This has been described in #1278 (comment)
I'm using a custom Docker image built on top of 1.2.0:
The files mentioned are detailed here: #337 (comment)
The text was updated successfully, but these errors were encountered: