My SourceName has r-container-name-containerID
mhobotpplnet opened this issue · 2 comments
mhobotpplnet commented
Not sure how all this ties together but for example my ingested logs show
_sourceName as
r-consul-registrator-consul-registrator-consul-8-9566fbb7
I do not have any source.json or anywhere in the files specifying that a sourceName should be named like that.
Where is sourcename defined or how can I define/change a sourcename metadata?
mhobotpplnet commented
I found out where this came from.
its from docker it self
curl --unix-socket /var/run/docker.sock http://localhost/events
if you run that you will see, r-name-name-somenumber..
Now I need to figure out how to parse something else than the name:"r-containerName"
mhobotpplnet commented
I fixed this issue via sumo extraction field (not really ideal, but those are my options I guess)