Skip to content

Convert Filebeat nginx.error to ECS#10007

Merged
webmat merged 4 commits intoelastic:masterfrom
webmat:ecs-nginx-error-fb
Jan 11, 2019
Merged

Convert Filebeat nginx.error to ECS#10007
webmat merged 4 commits intoelastic:masterfrom
webmat:ecs-nginx-error-fb

Conversation

@webmat
Copy link
Copy Markdown
Contributor

@webmat webmat commented Jan 11, 2019
edited by ruflin
Loading

Caveats

  • There's a lot of juicy unparsed information in the nginx error logs (IP, file path, server address, etc). This conversion doesn't address this.

Renames

  • nginx.error.level => log.level
  • nginx.error.pid => process.pid
  • nginx.error.tid => process.thread.id
  • nginx.error.message => message
  • read_timestamp => event.created

TODO

  • Coerce thread ID, PID, conn ID
  • read_timestamp => event.created
  • Alias renamed fields to their ECS counterpart, not forgetting migration: true
  • Document field migrations in ecs-migration.yml
  • Changelog

@webmat webmat requested review from a team as code owners January 11, 2019 02:17
@webmat webmat changed the title WIP Convert Filebeat nginx.error to ECS Convert Filebeat nginx.error to ECS Jan 11, 2019
@webmat webmat self-assigned this Jan 11, 2019
webmat
webmat commented Jan 11, 2019
View reviewed changes
@webmat webmat force-pushed the ecs-nginx-error-fb branch from 828892a to 644a3f2 Compare January 11, 2019 02:44
@ruflin ruflin mentioned this pull request Jan 11, 2019
Closed
@webmat webmat requested a review from ruflin January 11, 2019 05:03
@webmat webmat merged commit 27f7b15 into elastic:master Jan 11, 2019
@webmat webmat deleted the ecs-nginx-error-fb branch January 11, 2019 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ruflin ruflin ruflin approved these changes

Assignees

@webmat webmat

Labels

ecs Filebeat Filebeat module review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@webmat @ruflin