Filebeat HAproxy Default log format added #8428
Conversation
| @@ -40,5 +40,23 @@ | |||
| description: raw_request_line is the complete HTTP request line, including the method, request and HTTP version string. | |||
| type: text | |||
|
|
|||
|
|
|||
| - name: default | |||
There was a problem hiding this comment.
Don't namespace fields depending on the matching pattern, some fields can be common between them, like probably frontend_name.
There was a problem hiding this comment.
TCP format PR is also open and waiting and I think I did a better naming there. Let's move on to finish and close this two and then I'll quickly open a new one to write proper naming?
There was a problem hiding this comment.
After opening a new PR with both PRs, what prevents us on using a proper naming? I'd do it before merging.
| "@timestamp": "2018-09-20T15:42:59.000Z", | ||
| "fileset.module": "haproxy", | ||
| "fileset.name": "log", | ||
| "haproxy.client_ip": "127.0.0.1", |
There was a problem hiding this comment.
Using local IPs can be a good trick to mitigate #8400 🙂 but also will avoid the presence of geoip fields, and I think that we want at least to test that they are present 🤔
There was a problem hiding this comment.
To clarify this point, we may want to use a public IP here, what would be more similar to a real event. Using a public IP will fill the geoip data (using a local IP won't, and this is why I said that it wouldn't be then affected by #8400).
sayden
force-pushed
the
feature/haproxy-filebeat-default-log-format
branch
from
e50caaf
to
b02c8ca
Compare
sayden
added
enhancement
needs_backport
|
This branch will need an update. |
sayden
force-pushed
the
feature/haproxy-filebeat-default-log-format
branch
from
b02c8ca
to
fd9e9d2
Compare
|
Continues here #8637 |
urso
removed
the
needs_backport
Refer to this Issue for more details elastic/integrations#3250
Integration tests are passing and I'm uploading after a
make updateand amake filebeat.testbut removing whatever is written in the HAProxy http expectedjsonthat makes the tests fail