Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #7991 to 6.x: Add tag "truncated" to "log.flags" if incoming line is longer than configured limit #8165

Merged
merged 2 commits into from
Sep 3, 2018
Merged

Cherry-pick #7991 to 6.x: Add tag "truncated" to "log.flags" if incoming line is longer than configured limit #8165

merged 2 commits into from
Sep 3, 2018

Conversation

kvch
Copy link
Contributor

@kvch kvch commented Aug 30, 2018

Cherry-pick of PR #7991 to 6.x branch. Original message:

A new field is added to store the flags of an event named "log.flags".
If a message is truncated, "truncated" flag is added to the list.

Example event with "truncated" flag:

{
  "@timestamp": "2018-08-16T13:00:46.759Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "7.0.0-alpha1"
  },
  "host": {
    "name": "sleipnir"
  },
  "source": "/home/n/test.log",
  "offset": 33,
  "log": {
    "flags": [
       "truncated"
    ],
  },
  "message": "test line",
  "prospector": {
    "type": "log"
  },
  "input": {
    "type": "log"
  },
  "beat": {
    "hostname": "sleipnir",
    "version": "7.0.0-alpha1",
    "name": "sleipnir"
  }
}

Blocks #7997
Closes #7022

@kvch kvch added backport review in progress Pull request is currently in progress. blocked and removed review labels Aug 30, 2018
@kvch
Copy link
Contributor Author

kvch commented Aug 30, 2018

It is blocked by #8166

urso
urso reviewed Aug 30, 2018
View reviewed changes
CHANGELOG.asciidoc Outdated
- Keep raw user agent information after parsing as user_agent_raw in Filebeat modules. {pull}7823[7832]
- Make docker input check if container strings are empty {pull}7960[7960]
- Add tag "truncated" to "log.flags" if incoming line is longer than configured limit. {pull}7991[7991]

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you double check these entries?

kvch and others added 2 commits August 31, 2018 09:51
@kvch
Add tag "truncated" to "log.flags" if incoming line is longer than co…
06cc06e 
…nfigured limit (elastic#7991)

A new field is added to store the flags of an event named "log.flags".
If a message is truncated, "truncated" flag is added to the list.

Example event with "truncated" flag:

{
  "@timestamp": "2018-08-16T13:00:46.759Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "doc",
    "version": "7.0.0-alpha1"
  },
  "host": {
    "name": "sleipnir"
  },
  "source": "/home/n/test.log",
  "offset": 33,
  "log": {
    "flags": [
       "truncated"
    ],
  },
  "message": "test line",
  "prospector": {
    "type": "log"
  },
  "input": {
    "type": "log"
  },
  "beat": {
    "hostname": "sleipnir",
    "version": "7.0.0-alpha1",
    "name": "sleipnir"
  }
}

Closes elastic#7022
(cherry picked from commit 0884236)
@kvch
fix changelog && rebase
6c79028
@kvch kvch added review and removed blocked in progress Pull request is currently in progress. labels Aug 31, 2018
@kvch
Copy link
Contributor Author

kvch commented Sep 3, 2018

jenkins test this

@kvch
Copy link
Contributor Author

kvch commented Sep 3, 2018

Failing tests are unrelated.

@kvch kvch merged commit 74ac00e into elastic:6.x Sep 3, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@urso urso urso left review comments

@jsoriano jsoriano jsoriano approved these changes

Assignees
No one assigned
Labels
backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kvch @jsoriano @urso