From 0545b71e522692655ffdfba2d626580d924297f2 Mon Sep 17 00:00:00 2001
From: Florian Apolloner <florian@apolloner.eu>
Date: Tue, 10 Dec 2024 12:30:00 +0100
Subject: [PATCH] Add semantic meaning to gelf decoded data.

---
 ...22003-gelf-semantic-meaning.enhancement.md |  3 +++
 lib/codecs/src/decoding/format/gelf.rs        | 25 ++++++++++++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 changelog.d/22003-gelf-semantic-meaning.enhancement.md

diff --git a/changelog.d/22003-gelf-semantic-meaning.enhancement.md b/changelog.d/22003-gelf-semantic-meaning.enhancement.md
new file mode 100644
index 00000000000000..26fd6d112c1bdc
--- /dev/null
+++ b/changelog.d/22003-gelf-semantic-meaning.enhancement.md
@@ -0,0 +1,3 @@
+Set the semantic meaning for `host` & `timestamp` when decoding gelf messages.
+
+authors: apollo13
diff --git a/lib/codecs/src/decoding/format/gelf.rs b/lib/codecs/src/decoding/format/gelf.rs
index c37924072ffa69..4c64306b15c2aa 100644
--- a/lib/codecs/src/decoding/format/gelf.rs
+++ b/lib/codecs/src/decoding/format/gelf.rs
@@ -64,10 +64,18 @@ impl GelfDeserializerConfig {
             [log_namespace],
         )
         .with_event_field(&owned_value_path!(VERSION), Kind::bytes(), None)
-        .with_event_field(&owned_value_path!(HOST), Kind::bytes(), None)
-        .with_event_field(&owned_value_path!(SHORT_MESSAGE), Kind::bytes(), None)
+        .with_event_field(&owned_value_path!(HOST), Kind::bytes(), Some("host"))
+        .with_event_field(
+            &owned_value_path!(SHORT_MESSAGE),
+            Kind::bytes(),
+            Some("message"),
+        )
         .optional_field(&owned_value_path!(FULL_MESSAGE), Kind::bytes(), None)
-        .optional_field(&owned_value_path!(TIMESTAMP), Kind::timestamp(), None)
+        .optional_field(
+            &owned_value_path!(TIMESTAMP),
+            Kind::timestamp(),
+            Some("timestamp"),
+        )
         .optional_field(&owned_value_path!(LEVEL), Kind::integer(), None)
         .optional_field(&owned_value_path!(FACILITY), Kind::bytes(), None)
         .optional_field(&owned_value_path!(LINE), Kind::integer(), None)
@@ -287,12 +295,22 @@ mod tests {
             log.get(HOST),
             Some(&Value::Bytes(Bytes::from_static(b"example.org")))
         );
+        assert_eq!(
+            log.get_by_meaning("host"),
+            Some(&Value::Bytes(Bytes::from_static(b"example.org")))
+        );
         assert_eq!(
             log.get(log_schema().message_key_target_path().unwrap()),
             Some(&Value::Bytes(Bytes::from_static(
                 b"A short message that helps you identify what is going on"
             )))
         );
+        assert_eq!(
+            log.get_by_meaning("message"),
+            Some(&Value::Bytes(Bytes::from_static(
+                b"A short message that helps you identify what is going on"
+            )))
+        );
         assert_eq!(
             log.get(FULL_MESSAGE),
             Some(&Value::Bytes(Bytes::from_static(
@@ -301,6 +319,7 @@ mod tests {
         );
         let dt = DateTime::from_timestamp(1385053862, 307_200_000).expect("invalid timestamp");
         assert_eq!(log.get(TIMESTAMP), Some(&Value::Timestamp(dt)));
+        assert_eq!(log.get_by_meaning("timestamp"), Some(&Value::Timestamp(dt)));
         assert_eq!(log.get(LEVEL), Some(&Value::Integer(1)));
         assert_eq!(
             log.get(FACILITY),