Description of problem: We are able to configure log forwarding for fluentd, using the 'forward' output plugin. However, it seems the external logstash is only receiving "bad-request" with empty payload/message: { "headers" => { "http_accept" => nil, "request_path" => "/bad-request", "http_version" => "HTTP/1.0", "request_method" => "GET", "http_host" => nil, "http_user_agent" => nil }, "@timestamp" => 2020-02-25T09:09:02.459Z, "@version" => "1", "host" => "XX.XXX.XX.XX", // removed for this bugzilla issue "message" => "" } Is it possible to set a format/content type like JSON? Expected results: Audit logs are forwarded to external log stash.
Can you provide us with the generated fluent.conf. It would be part of the fluentd configmap in the openshift-logging namespace.
Looking closer into the issue, it seems that fluentd's forwarder was used but this does not work with logstash. There is currently no way to send it to logstash but if there is no particular reason, you could just forward it directly to Elastsearch. Closing this issue.