[Functionbeat] Index multiple individual events from Kinesis events array #12442
Comments
|
@bczifra thanks for filing! I'd like to confirm here, is this Cloudwatch or Cloudtrail data? |
|
@acchen97 Cloudwatch |
|
Same problem here. Is someone working on this? Any workarround? |
|
This should be resolved in #13317 (thx!). However, we still have an outstanding task to update the documentation, and backport to the version when we first added this function to include information on this new function and to mark it as experimental (for now). @dedemorton |
|
Hi my apologies for missing this notification (it's been awhile). I've created an issue here to track the doc addition: #20042 |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
botelastic
bot
added
Stalled
needs_team
|
This issue doesn't have a |
Describe the enhancement:
Kinesis batches events together into a single array of events. These might look like this:
This enhancement request is to introduce functionality to allow Functionbeat to output each of the entries in the array as individual, separate events. That is, this single source event from Kinesis should generate three separate events that could then be JSON parsed and sent to Elasticsearch for processing.
Describe a specific use case for the enhancement or feature:
One example of when this would be useful is for parsing Cloudwatch logs, as shown in the example JSON above. Though Functionbeat does have a
cloudwatchfunction, there may be times where it doesn't have direct access to Cloudwatch but does have access to a Kinesis stream.The text was updated successfully, but these errors were encountered: