andymotta/docker-ingest-node.json

## docker-ingest-node.json
{
  "processors": [
    {
      "remove": {
        "field": [
          "agent.ephemeral_id",
          "agent.hostname",
          "agent.id",
          "agent.type",
          "agent.version",
          "container.id",
          "container.image.tag",
          "container.labels.com_docker_swarm_node_id",
          "container.labels.com_docker_swarm_service_id",
          "container.labels.com_docker_swarm_service_name",
          "container.labels.com_docker_swarm_task",
          "container.labels.com_docker_swarm_task_id",
          "container.name",
          "ecs.version"        ]
      }
    },
    {
      "grok": {
        "field": "message",
        "patterns": [ "%{JSON:message_payload}" ],
        "pattern_definitions": {
          "JSON": "{.*$"
        },
        "ignore_missing": true
      }
    },
    {
      "json": {
        "field": "message_payload",
        "target_field": "container_log"
      }
    },
    {
      "remove": {
        "field": "message_payload"
      }
    },
    {
      "remove": {
        "field": "message"
      }
    }
  ]
}
	{
	"processors": [
	{
	"remove": {
	"field": [
	"agent.ephemeral_id",
	"agent.hostname",
	"agent.id",
	"agent.type",
	"agent.version",
	"container.id",
	"container.image.tag",
	"container.labels.com_docker_swarm_node_id",
	"container.labels.com_docker_swarm_service_id",
	"container.labels.com_docker_swarm_service_name",
	"container.labels.com_docker_swarm_task",
	"container.labels.com_docker_swarm_task_id",
	"container.name",
	"ecs.version" ]
	}
	},
	{
	"grok": {
	"field": "message",
	"patterns": [ "%{JSON:message_payload}" ],
	"pattern_definitions": {
	"JSON": "{.*$"
	},
	"ignore_missing": true
	}
	},
	{
	"json": {
	"field": "message_payload",
	"target_field": "container_log"
	}
	},
	{
	"remove": {
	"field": "message_payload"
	}
	},
	{
	"remove": {
	"field": "message"
	}
	}
	]
	}