[docker]: ANSI escape sequences in log messages

[ulab]

Integration Name

Docker [docker]

Dataset Name

docker.container_logs

Integration Version

2.12.0

Agent Version

8.15.4

Agent Output Type

elasticsearch

Elasticsearch Version

8.15.4

OS Version and Architecture

Debian 11.11

Software/API Version

No response

Error Message

With the default installation docker logs contain ANSI escape sequences to display fancy colors. These should be removed by default.

Event Original

No response

What did you do?

Currently I am doing the following in the logs-docker.container_logs@custom Pipeline:

[
  {
    "gsub": {
      "field": "message",
      "pattern": "\\x1B\\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|M|K]",
      "replacement": "",
      "ignore_missing": true,
      "description": "mutate-ansii-colours in message"
    }
  },
  {
    "gsub": {
      "field": "log.level",
      "pattern": "\\x1B\\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|M|K]",
      "replacement": "",
      "ignore_missing": true,
      "description": "mutate-ansii-colours in log.level"
    }
  }
]

This is from Jason Neurohr's blog entry.

What did you see?

ANSI sequences

What did you expect to see?

No ANSI sequences.

Anything else?

No response