debugd: Use very basic JSON regex filter before JSON filter

debugd/internal/debugd/logcollector/logstash/templates/pipeline.conf

@@ -28,25 +28,31 @@ filter {
 
     # Parse structured logs for following systemd units.
     if [systemd][unit] in ["bootstrapper.service", "constellation-bootstrapper.service"] {
-        json {
+        # skip_on_invalid_json below does not skip the whole filter, so let's use a cheap workaround here.
-            source => "message"
+        # See:
-            target => "logs"
+        # https://discuss.elastic.co/t/skip-on-invalid-json-skipping-all-filters/215195
-            skip_on_invalid_json => true
+        # https://discuss.elastic.co/t/looking-for-a-way-to-detect-json/102263
-        }
+        if [message] =~ "\A\{.+\}\z" {
-        date {
+            json {
-            match => [ "[logs][ts]", "ISO8601" ]
+                source => "message"
-        }
+                target => "logs"
-        mutate {
+                skip_on_invalid_json => true
-            replace => {
+            }
-                "message" => "%{[logs][msg]}"
+            date {
+                match => [ "[logs][ts]", "ISO8601" ]
+            }
+            mutate {
+                replace => {
+                    "message" => "%{[logs][msg]}"
+                }
+                remove_field => [
+                    "[logs][msg]",
+                    "[logs][ts]"
+                ]
+            }
+            de_dot {
+                fields => ["[logs][peer.address]"]
             }
-            remove_field => [
-                "[logs][msg]",
-                "[logs][ts]"
-            ]
-        }
-        de_dot {
-            fields => ["[logs][peer.address]"]
         }
     }
 }