Version: 7.13.4
OS: osx
When using the decode_json_fields and configuring to add error keys, such errors are not added to the final JSON.
Sample configuration
filebeat.inputs:
- type: stdin
processors:
- decode_json_fields:
fields: ["message"]
target: ""
expand_keys: true
overwrite_keys: true
add_error_key: true
output.console:
pretty: trueFirst test with a valid JSON object:
echo '{"key":"value"}' | ./filebeat -c filebeat-error.yml -ereturns
{
"@timestamp": "2021-07-27T10:19:33.732Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.13.4"
},
"ecs": {
"version": "1.8.0"
},
"host": {
"name": "rhincodon"
},
"agent": {
"hostname": "rhincodon",
"ephemeral_id": "53225a81-467b-4253-8ee7-bafa4e737e8f",
"id": "9ba7dc8c-a9ce-43a8-8c39-a306060abef5",
"name": "rhincodon",
"type": "filebeat",
"version": "7.13.4"
},
"key": "value",
"log": {
"offset": 0,
"file": {
"path": ""
}
},
"message": "{\"key\":\"value\"}",
"input": {
"type": "stdin"
}
}However invalid JSON like the missing bracket at the start does not show any error in the final JSON
echo '"key":"value"}' | ./filebeat -c filebeat-error.yml -e
returns
{
"@timestamp": "2021-07-27T10:20:41.144Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.13.4"
},
"log": {
"offset": 0,
"file": {
"path": ""
}
},
"message": "\"key\":\"value\"}",
"input": {
"type": "stdin"
},
"agent": {
"name": "rhincodon",
"type": "filebeat",
"version": "7.13.4",
"hostname": "rhincodon",
"ephemeral_id": "51c5a075-1eca-4688-a1fc-164a3ff1cbc6",
"id": "9ba7dc8c-a9ce-43a8-8c39-a306060abef5"
},
"ecs": {
"version": "1.8.0"
},
"host": {
"name": "rhincodon"
}
}
Version: 7.13.4
OS: osx
When using the
decode_json_fieldsand configuring to add error keys, such errors are not added to the final JSON.Sample configuration
First test with a valid JSON object:
returns
{ "@timestamp": "2021-07-27T10:19:33.732Z", "@metadata": { "beat": "filebeat", "type": "_doc", "version": "7.13.4" }, "ecs": { "version": "1.8.0" }, "host": { "name": "rhincodon" }, "agent": { "hostname": "rhincodon", "ephemeral_id": "53225a81-467b-4253-8ee7-bafa4e737e8f", "id": "9ba7dc8c-a9ce-43a8-8c39-a306060abef5", "name": "rhincodon", "type": "filebeat", "version": "7.13.4" }, "key": "value", "log": { "offset": 0, "file": { "path": "" } }, "message": "{\"key\":\"value\"}", "input": { "type": "stdin" } }However invalid JSON like the missing bracket at the start does not show any error in the final JSON
returns
{ "@timestamp": "2021-07-27T10:20:41.144Z", "@metadata": { "beat": "filebeat", "type": "_doc", "version": "7.13.4" }, "log": { "offset": 0, "file": { "path": "" } }, "message": "\"key\":\"value\"}", "input": { "type": "stdin" }, "agent": { "name": "rhincodon", "type": "filebeat", "version": "7.13.4", "hostname": "rhincodon", "ephemeral_id": "51c5a075-1eca-4688-a1fc-164a3ff1cbc6", "id": "9ba7dc8c-a9ce-43a8-8c39-a306060abef5" }, "ecs": { "version": "1.8.0" }, "host": { "name": "rhincodon" } }