Support default logstash log format
We added support for receiving logs from logstash/elastic search in the issue #367 (closed), but it requires some specific logstash configuration to work.
Currently such configuration can be activated via the -log_format=append-rfc33339
option.
In addition to it, we should support for the JSON packaged logs, the default option on Logstash. A log line in such format looks like:
{"log-source":"filebeat","@version":"1","input":{"type":"log"},"ecs":{"version":"1.6.0"},"message":"Mar 20 07:54:52 melian postfix/smtp[6807]: 586711880093: to=<XXXXXXXX>, relay=XXXXX[XXXXX]:25, delay=4.1, delays=0.15/0.01/1.4/2.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 6ECB0A8019A)","log-type":"mail","tags":["beats_input_codec_plain_applied"],"type":"debug","hostname":"melian","@timestamp":"2021-03-20T06:54:55.835Z","log":{"file":{"path":"/var/log/mail.log"},"offset":4020961}}
Which contains all the info we need: the timestamp, as a RFC 3339 encoded time, as well as the raw log line.
Requirements:
- When I want to allow Control Center to read receive logs from logstash, I'll pass the command line options
-log_format=logstash
.
Edited by Leandro Santiago