We can reorganize this processor so the fetchers return the cluster data under the cloud name and the orchestrator data under orchestrator, so we don't need to make so much mangling of this meta.
Originally posted by @jsoriano in #26056 (comment)
We could change the format of the metadata that are returned to sth like this:
{
"cloud": {},
"orchestrator": {},
"other.ecs.fields": {},
}
With this, the data manipulation at
|
func (p *addCloudMetadata) Run(event *beat.Event) (*beat.Event, error) { |
|
meta := p.getMeta() |
|
if len(meta) == 0 { |
|
return event, nil |
|
} |
|
|
|
// If cloud key exists in event already and overwrite flag is set to false, this processor will not overwrite the |
|
// cloud fields. For example aws module writes cloud.instance.* to events already, with overwrite=false, |
|
// add_cloud_metadata should not overwrite these fields with new values. |
|
if !p.initData.overwrite { |
|
cloudValue, _ := event.GetValue("cloud") |
|
if cloudValue != nil { |
|
err := p.extractECSMeta(event, meta) |
|
if err != nil { |
|
return nil, err |
|
} |
|
return event, nil |
|
} |
|
} |
|
|
|
err := p.extractECSMeta(event, meta) |
|
if err != nil { |
|
return nil, err |
|
} |
|
_, err = event.PutValue("cloud", meta) |
|
return event, err |
|
} |
would be more smooth.
We can reorganize this processor so the fetchers return the cluster data under the
cloudname and the orchestrator data underorchestrator, so we don't need to make so much mangling of this meta.Originally posted by @jsoriano in #26056 (comment)
We could change the format of the metadata that are returned to sth like this:
With this, the data manipulation at
beats/libbeat/processors/add_cloud_metadata/add_cloud_metadata.go
Lines 115 to 141 in 8a8c6d1