Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Convert Filebeat mongodb.log to ECS #10009

Merged
merged 3 commits into from
Jan 11, 2019
Merged

Convert Filebeat mongodb.log to ECS #10009

merged 3 commits into from
Jan 11, 2019

Conversation

webmat
Copy link
Contributor

@webmat webmat commented Jan 11, 2019
edited
Loading

Renames

  • read_timestamp => event.created (not aliased)
  • mongodb.log.message => message
  • mongodb.log.severity => log.level

TODO

  • read_timestamp => event.created
  • Alias renamed fields to their ECS counterpart, not forgetting migration: true
  • Document field migrations in ecs-migration.yml
  • Changelog

@webmat webmat requested review from a team as code owners January 11, 2019 05:20
@webmat webmat self-assigned this Jan 11, 2019
@webmat webmat requested a review from ruflin January 11, 2019 05:23
@ruflin ruflin mentioned this pull request Jan 11, 2019
Closed
ruflin
ruflin approved these changes Jan 11, 2019
View reviewed changes
filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json
@@ -6,11 +6,11 @@
"event.module": "mongodb",
"fileset.name": "log",
"input.type": "log",
"log.level": "I",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That does not really follow our field convention but don't have a better suggestion at the moment.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well there's no normalization on this yet. The examples in ECS right now are WARN, ERR and INFO... I think this should be the raw value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And these are equivalent to log levels, btw. doc expected values are F for fatal, E for error, W for warning, I for informational and D for debug.

@urso urso removed the request for review from a team January 11, 2019 14:58
@webmat webmat merged commit f384ba3 into elastic:master Jan 11, 2019
@webmat webmat deleted the ecs-mongo-fb branch January 11, 2019 18:53
webmat pushed a commit to webmat/beats that referenced this pull request Jan 17, 2019
Add missing Filebeat ECS migration for MongoDB (PR elastic#10009)
ea025e5
webmat added a commit that referenced this pull request Jan 17, 2019
@webmat
Add missing changelog for Filebeat ECS migration of MongoDB module, f…
cdb6c1a 
…or PR #10009 (#10151)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin approved these changes

Assignees

@webmat webmat

Labels
ecs Filebeat Filebeat module review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@webmat @ruflin