Replies: 1 comment
-
| I mean, I'd just do a LUA filter to do it all in one pass with any custom behaviour you need. I think Falco also did some demos and blog posts around integrating audit logs with Fluent Bit. | 
Beta Was this translation helpful? Give feedback.
                  
                    0 replies
                  
                
            
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment
  
        
    
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Folks,
I'm trying to parse kubernetes audit logs and extract few fields from the logs such as User, Verb, Request Message, Response Message, Object URI. I created Nest filters to lift the nested json in the event, however i'm unsure how i can only fetch specific fields from the lifted json.
So the current approach that works is to lift the json and then have a record modifier to remove the keys that are not required.
I would like to know if a simpler config is possible to parse the audit logs
A sample config
An example event
Beta Was this translation helpful? Give feedback.
All reactions