Add syslog support for ISO8601 format timestamp #10736
kaiyan-sheng merged 3 commits into elastic:master from kaiyan-sheng:suse_timestamp
Conversation
sayden left a comment:
Looks good! Tested locally. Error seems unrelated.
| @@ -0,0 +1,28 @@ | |||
| [ | |||
| { | |||
| "ecs.version": "1.0.0-beta2", | |||
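Review bot: the expected-output fixture opens with `"ecs.version": "1.0.0-beta2"` and no `@timestamp` field appears in the lines shown; since the point of this change is a timestamp pattern that carries the year and zone offset, the fixture (or a separate assertion) should keep the parsed `@timestamp` for the SUSE sample lines, otherwise the new pattern is exercised but its result is never checked.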
I don't see an @timestamp in the output here. Do I miss something?
@ruflin unfortunately all the timestamps got removed in https://github.com/elastic/beats/pull/10736/files/5c8b9d3205efc146891117823f724935600ed372#diff-7f560f729ae36bb40472cb039fedc34fL42
Sorry, regarding the @timestamp field: https://github.com/elastic/beats/blob/master/filebeat/tests/system/test_modules.py#L220 because the timestamp got removed from the system.syslog metricset
I see. I now understand why it happens. The problem now is that the log file above actually has timestamps with the year inside, but we don't test it. This becomes especially important as we just added a pattern to support the year, but the tests we have to confirm it works don't do that.
Is there an easy way to fix this?
ruflin left a comment:
I had a chat with @kaiyan-sheng about the missing timestamp. We decided to merge it as is but follow up with a convention or something similar to make it possible in the future to have here the timestamps generated.
This PR is to add support for syslog which has ISO8601 format timestamps. For example:
SUSE format:
2018-08-14T14:30:02.203151+02:00 linux-sqrz systemd[4179]: Stopped target Basic System.
2018-08-14T14:30:02.203251+02:00 linux-sqrz systemd[4179]: Stopped target Paths.
closes #8716
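The thread's concern is that a parser can accept an ISO8601 syslog header and still have its result (year and zone offset) go unchecked when the test harness drops @timestamp. The Go below is an added, stand-alone illustration of that parsing and of the property a test would need to assert; it is not Filebeat's code (the real module does this in an Elasticsearch ingest pipeline). It handles both the ISO8601 form from the SUSE lines above and the classic BSD form without a year, so the difference is visible: the ISO8601 stamp is self-describing, the classic one needs an assumed year and location (the `defaultYear` and `loc` parameters, which are this example's own). The classic sample line in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"time"
)

// SyslogEvent holds the header fields and message recovered from one line.
type SyslogEvent struct {
	Timestamp time.Time
	Host      string
	Program   string
	PID       string // empty when the line has no "[pid]"
	Message   string
}

// Header shapes handled: ISO8601 with optional fraction and zone (as in the
// SUSE sample lines) and classic BSD syslog ("Aug 14 14:30:02"), which carries
// neither year nor zone.
var headerRe = regexp.MustCompile(
	`^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})` +
		`|[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) ` +
		`(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$`)

// ParseSyslogLine parses one syslog line. defaultYear and loc are assumptions
// applied only to the classic format; an ISO8601 stamp is self-describing.
func ParseSyslogLine(line string, defaultYear int, loc *time.Location) (SyslogEvent, error) {
	m := headerRe.FindStringSubmatch(line)
	if m == nil {
		return SyslogEvent{}, errors.New("line does not match a syslog header")
	}
	raw := m[headerRe.SubexpIndex("ts")]

	ts, err := time.Parse(time.RFC3339Nano, raw)
	if err != nil {
		// Classic format. "_2" in the Go layout accepts a space-padded day.
		partial, perr := time.ParseInLocation("Jan _2 15:04:05", raw, loc)
		if perr != nil {
			return SyslogEvent{}, fmt.Errorf("unrecognised timestamp %q: %w", raw, perr)
		}
		// time.Parse fills in year 0 here; supply the assumed year explicitly.
		ts = time.Date(defaultYear, partial.Month(), partial.Day(),
			partial.Hour(), partial.Minute(), partial.Second(), 0, loc)
	}

	return SyslogEvent{
		Timestamp: ts,
		Host:      m[headerRe.SubexpIndex("host")],
		Program:   m[headerRe.SubexpIndex("prog")],
		PID:       m[headerRe.SubexpIndex("pid")],
		Message:   m[headerRe.SubexpIndex("msg")],
	}, nil
}

func main() {
	// The two SUSE lines from the PR description plus a constructed classic line.
	lines := []string{
		"2018-08-14T14:30:02.203151+02:00 linux-sqrz systemd[4179]: Stopped target Basic System.",
		"2018-08-14T14:30:02.203251+02:00 linux-sqrz systemd[4179]: Stopped target Paths.",
		"Aug 14 14:30:02 linux-sqrz systemd[4179]: Stopped target Paths.",
	}
	for _, l := range lines {
		ev, err := ParseSyslogLine(l, 2018, time.UTC)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s host=%s prog=%s pid=%q msg=%q\n",
			ev.Timestamp.UTC().Format(time.RFC3339Nano), ev.Host, ev.Program, ev.PID, ev.Message)
	}
}
```

Running it shows the two SUSE lines normalising to 12:30:02 UTC with the year taken from the line, while the classic line only reaches 2018 because the caller supplied it. That is the distinction an expected-output fixture needs to retain: if @timestamp is stripped before comparison, a regression that silently falls back to the assumed year would pass.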