diff --git a/infrastructure/monitoring/logstash/logstash.conf b/infrastructure/monitoring/logstash/logstash.conf
index f71eb84d..1bae5793 100644
--- a/infrastructure/monitoring/logstash/logstash.conf
+++ b/infrastructure/monitoring/logstash/logstash.conf
@@ -10,6 +10,13 @@ filter {
 # container_id, but Kibana and other tools read from container.id by default
 rename => {"container_id" => "container.id"}
 }
+ # As of V8, Elasticsearch JSON logs now comply with ECS. [host] becomes object
+ mutate {
+ rename {
+ "[host]" => "[host][name]"
+ }
+ }
+
 truncate {
 length_bytes => 12
 fields => ["container.id"]
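Review bot: The added `rename {` inside the new `mutate` block is missing the `=>` that Logstash expects between an option name and its value; the existing rename in the context lines just above is written `rename => {...}`. As written the file will most likely be rejected when the pipeline is loaded, so container logs would stop reaching Elasticsearch until it is fixed, which leaves a visibility gap for anything that depends on them. Write it as `rename => { "[host]" => "[host][name]" }` and check the file with `--config.test_and_exit` before rollout. The rename is also unconditional, so an event whose `host` is already an object would presumably end up with that object nested under `host.name`; a conditional around the `mutate` would avoid that. The enclosing `filter` block starts and ends outside the hunk.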