The vendor fields contained in https://github.com/elastic/beats/tree/master/x-pack/filebeat/input/netflow/decoder/fields are missing from the generated fields.yml. The go generate command declared here is what creates the fields.yml file for the netflow input. Perhaps the other CSV files can be appended to the list of arguments to the command?
|
//go:generate go run fields_gen.go -output _meta/fields.yml --column-name=2 --column-type=3 --header _meta/fields.header.yml decoder/fields/ipfix-information-elements.csv |
This is where the field names are embedded into the source:
|
//go:generate go run gen.go -output zfields_ipfix.go -export IpfixFields --column-id=1 --column-name=2 --column-type=3 ipfix-information-elements.csv |
|
//go:generate go run gen.go -output zfields_cert.go -export CertFields --column-pen=1 --column-id=2 --column-name=3 --column-type=4 cert_pen6871.csv |
|
//go:generate go run gen.go -output zfields_cisco.go -export CiscoFields --column-pen=2 --column-id=3 --column-name=1 --column-type=4 cisco.csv |
|
//go:generate go run gen.go -output zfields_assorted.go -export AssortedFields --column-pen=1 --column-id=2 --column-name=3 --column-type=4 assorted.csv |
The vendor fields contained in https://github.com/elastic/beats/tree/master/x-pack/filebeat/input/netflow/decoder/fields are missing from the generated fields.yml. The
go generatecommand declared here is what creates the fields.yml file for the netflow input. Perhaps the other CSV files can be appended to the list of arguments to the command?beats/x-pack/filebeat/input/netflow/doc.go
Line 7 in b89e5d6
This is where the field names are embedded into the source:
beats/x-pack/filebeat/input/netflow/decoder/fields/doc.go
Lines 7 to 10 in b89e5d6