
[filebeat] Fix ingestion of JSON logs

Colin Powell 2 months ago
parent
commit
1b1db60258

+ 2 - 1
lab/ansible/roles/filebeat/files/filebeat.yml

@@ -9,9 +9,10 @@ filebeat.inputs:
   enabled: true
   paths:
     - /var/log/*.log
+    - /var/log/messages
 
 output.elasticsearch:
-  hosts: ["http://192.168.40.46:5080"]
+  hosts: ["http://linux.service:5080"]
   timeout: 10
   path: "/api/default/"
   index: default
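Review bot: The new `hosts: ["http://linux.service:5080"]` line ships the collected logs, which now include /var/log/messages, over plain HTTP to a host located by name resolution, so nothing visible here authenticates the receiver or protects the events in transit. If the endpoint can serve TLS, I would change it to `hosts: ["https://linux.service:5080"]` and pin the issuing CA with `ssl.certificate_authorities`; any credentials for the output would sit outside this hunk, so I cannot tell whether they are set. The same applies to `http://log.service:5080` in templates/filebeat.yml.j2, where auth.log is added to the shipped paths. The static file and the template also name different hosts after this commit (linux.service vs log.service), which looks unintended.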

+ 12 - 2
lab/ansible/roles/filebeat/templates/filebeat.yml.j2

@@ -8,11 +8,21 @@ filebeat.inputs:
 - type: log
   enabled: true
   paths:
-    - /var/log/*.log
+    - /var/log/auth.log
+    - /var/log/caddy.access.log
     - /var/log/messages
+    - /usr/local/etc/unbound/unbound.log
+  json.add_error_key: true        # Add an error key if JSON parsing fails
+
+processors:
+  - decode_json_fields:
+      fields: ["msg"]               # Parse the "msg" field (assuming it's a string containing JSON)
+      target: "msg"          # The parsed output will be under a new field "msg_parsed"
+      overwrite_keys: true          # Optionally overwrite the "msg" field
+
 
 output.elasticsearch:
-  hosts: ["http://linux.service:5080"]
+  hosts: ["http://log.service:5080"]
   timeout: 10
   path: "/api/default/"
   index: default
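Review bot: Setting `json.add_error_key: true` on this input turns on JSON decoding for every listed path, but auth.log, messages and unbound.log are normally plain-text logs, so those lines would likely each be tagged with a decode error instead of being parsed. A separate `- type: log` input for the JSON file (presumably caddy.access.log) carrying the `json.*` option, with the text logs left in an input without it, would keep error keys meaningful for detection. The comment on `target: "msg"` says the parsed output lands in a new field "msg_parsed", which is not what the value does; either set `target: "msg_parsed"` or reword the comment to `# Replace "msg" with its decoded JSON`. With `overwrite_keys: true` the original string is lost, which matters because this content comes from request and login data that outside parties influence and the raw line is often what an investigation needs.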