ActionCable logs cant be inserted into Logstash/ElasticSearch

[WebBurnout]

I am shipping logs to Logstash and ElasticSearch/Kibana using the logstash-logger gem. But I have found a problem where the data attributes for the ActionCable logs don't match those for ActionController and so Elasticsearch rejects them because they don't fit the index. Is there anyway to unify the structure of the JSON so that this works smoothly? I'm getting the following errors from Elastic when the logs are imported:

[2020-08-11T04:10:34,436][WARN ][logstash.outputs.elasticsearch][main][392e6798a764164c968f462a00bf90b399609f6d6b25ff05b1aff97c238fdbb0] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2020.08.11", :routing=>nil, :_type=>"_doc"}, #<LogStash::Event:0x39173bf5>], :response=>{"index"=>{"_index"=>"logstash-2020.08.11", "_type"=>"_doc", "_id"=>"Lqy223MBTSy0TVE-dDdB", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [format] of type [text] in document with id 'Lqy223MBTSy0TVE-dDdB'. Preview of field's value: '{}'", "caused_by"=>{"type"=>"illegal_state_exception", "reason"=>"Can't get text on a START_OBJECT at 1:11"}}}}}

The key part is failed to parse field [format] of type [text] .... Preview of field's value: '{}'. It looks like in the ActionController logs format is a text field and in ActionCable it's an empty hash.

Thanks for the amazing gem! It's really helping a lot despite this issue

[iloveitaly]

Fixed with #322