diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 8a732d82ee..c34747f5d2 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -11,6 +11,7 @@ Thanks, you're awesome :-) --> ### Added * Added `error.stack_trace` field. #562 +* Added `log.origin.file.name`, `log.origin.function` and `log.origin.file.line` fields. #563 ### Improvements diff --git a/code/go/ecs/log.go b/code/go/ecs/log.go index 492319a8b8..d5498be018 100644 --- a/code/go/ecs/log.go +++ b/code/go/ecs/log.go @@ -38,4 +38,13 @@ type Log struct { // The name of the logger inside an application. This is usually the name // of the class which initialized the logger, or can be a custom name. Logger string `ecs:"logger"` + + // The name of the source file which originated the log event. + OriginFileName string `ecs:"origin.file.name"` + + // The line number of the file which originated the log event. + OriginFileLine int32 `ecs:"origin.file.line"` + + // The name of the function or method which originated the log event. + OriginFunction string `ecs:"origin.function"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 709abc02f0..66a3bfeacc 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc 
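Review bot: `OriginFileLine int32` in `code/go/ecs/log.go` has no way to express "line not recorded": an event whose logger supplies no caller information carries 0, which looks like a real value once it is indexed as `log.origin.file.line`. Either state the convention in the field comment, e.g. `// The line number of the file which originated the log event. Zero means the line is not known.`, or omit the field from the serialized event when it is zero. How the `ecs:"..."` tags are consumed is not visible in this diff, so which of the two fits needs confirming. The `Log` struct opens above this hunk.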
@@ -2109,6 +2109,39 @@ example: `org.elasticsearch.bootstrap.Bootstrap` // =============================================================== +| log.origin.file.line +| The line number of the file which originated the log event. + +type: integer + +example: `42` + +| extended + +// =============================================================== + +| log.origin.file.name +| The name of the source file which originated the log event. + +type: keyword + +example: `Bootstrap.java` + +| extended + +// =============================================================== + +| log.origin.function +| The name of the function or method which originated the log event. + +type: keyword + +example: `init` + +| extended + +// =============================================================== + | log.original | This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index e7d0f1c6e0..8cc1eee950 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -1567,6 +1567,23 @@ description: The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. example: org.elasticsearch.bootstrap.Bootstrap + - name: origin.file.line + level: extended + type: integer + description: The line number of the file which originated the log event. + example: 42 + - name: origin.file.name + level: extended + type: keyword + ignore_above: 1024 + description: The name of the source file which originated the log event. + example: Bootstrap.java + - name: origin.function + level: extended + type: keyword + ignore_above: 1024 + description: The name of the function or method which originated the log event. + example: init - name: original level: core type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 68b101f670..d93f31515a 100644 
--- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -199,6 +199,9 @@ http.response.status_code,long,extended,404,1.2.0-dev http.version,keyword,extended,1.1,1.2.0-dev log.level,keyword,core,err,1.2.0-dev log.logger,keyword,core,org.elasticsearch.bootstrap.Bootstrap,1.2.0-dev +log.origin.file.line,integer,extended,42,1.2.0-dev +log.origin.file.name,keyword,extended,Bootstrap.java,1.2.0-dev +log.origin.function,keyword,extended,init,1.2.0-dev log.original,keyword,core,Sep 19 08:26:10 localhost My log,1.2.0-dev network.application,keyword,extended,aim,1.2.0-dev network.bytes,long,core,368,1.2.0-dev diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index cdcd67dce5..8117e86219 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -2227,6 +2227,35 @@ log.logger: order: 2 short: Name of the logger. type: keyword +log.origin.file.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.origin.file.line + level: extended + name: origin.file.line + order: 4 + short: The line number of the file which originated the log event. + type: integer +log.origin.file.name: + description: The name of the source file which originated the log event. + example: Bootstrap.java + flat_name: log.origin.file.name + ignore_above: 1024 + level: extended + name: origin.file.name + order: 3 + short: The file which originated the log event. + type: keyword +log.origin.function: + description: The name of the function or method which originated the log event. + example: init + flat_name: log.origin.function + ignore_above: 1024 + level: extended + name: origin.function + order: 5 + short: The function which originated the log event. + type: keyword log.original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 330e60a21e..f5993c1a85 100644 
--- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -2532,6 +2532,35 @@ log: order: 2 short: Name of the logger. type: keyword + origin.file.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.origin.file.line + level: extended + name: origin.file.line + order: 4 + short: The line number of the file which originated the log event. + type: integer + origin.file.name: + description: The name of the source file which originated the log event. + example: Bootstrap.java + flat_name: log.origin.file.name + ignore_above: 1024 + level: extended + name: origin.file.name + order: 3 + short: The file which originated the log event. + type: keyword + origin.function: + description: The name of the function or method which originated the log event. + example: init + flat_name: log.origin.function + ignore_above: 1024 + level: extended + name: origin.function + order: 5 + short: The function which originated the log event. + type: keyword original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 8f9020a16b..a8209ef9b7 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -946,6 +946,25 @@ "ignore_above": 1024, "type": "keyword" }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "integer" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "original": { "doc_values": false, "ignore_above": 1024, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 4e870dac6c..6994831602 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json 
@@ -945,6 +945,25 @@ "ignore_above": 1024, "type": "keyword" }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "integer" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "original": { "doc_values": false, "ignore_above": 1024, diff --git a/generated/legacy/template.json b/generated/legacy/template.json index 1d382fa1ce..8cbd414b2b 100644 --- a/generated/legacy/template.json +++ b/generated/legacy/template.json @@ -643,6 +643,25 @@ "ignore_above": 1024, "type": "keyword" }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "original": { "doc_values": false, "ignore_above": 1024, diff --git a/schema.json b/schema.json index b09b60d090..08b353bb32 100644 --- a/schema.json +++ b/schema.json 
@@ -1535,6 +1535,36 @@ "required": false, "type": "keyword" }, + "log.origin.file.line": { + "description": "The line number of the file which originated the log event.", + "example": "42", + "footnote": "", + "group": 2, + "level": "extended", + "name": "log.origin.file.line", + "required": false, + "type": "integer" + }, + "log.origin.file.name": { + "description": "The name of the source file which originated the log event.", + "example": "Bootstrap.java", + "footnote": "", + "group": 2, + "level": "extended", + "name": "log.origin.file.name", + "required": false, + "type": "keyword" + }, + "log.origin.function": { + "description": "The name of the function or method which originated the log event.", + "example": "init", + "footnote": "", + "group": 2, + "level": "extended", + "name": "log.origin.function", + "required": false, + "type": "keyword" + }, "log.original": { "description": "This is the original log message and contains the full log message before splitting it up in multiple parts.\nIn contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.\nThis field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`.", "example": "Sep 19 08:26:10 localhost My log", diff --git a/schemas/log.yml b/schemas/log.yml index 3bc05c30a2..cd7ead5de3 100644 --- a/schemas/log.yml +++ b/schemas/log.yml 
@@ -43,3 +43,28 @@ short: Name of the logger. description: > The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. + + - name: origin.file.name + level: extended + type: keyword + example: Bootstrap.java + short: The file which originated the log event. + description: > + The name of the source file which originated the log event. + + - name: origin.file.line + level: extended + type: integer + example: 42 + short: The line number of the file which originated the log event. + description: > + The line number of the file which originated the log event. + + - name: origin.function + level: extended + type: keyword + example: init + short: The function which originated the log event. + description: > + The name of the function or method which originated the log event. +
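Review bot: The description of `origin.file.name` does not say that it means the source-code file rather than the log file, nor whether a bare file name or a full path is expected; only the example `Bootstrap.java` hints at a bare name. Because the field sits under `log.`, a reader can take it for the file the event was read from, and producers that emit full build paths would put directory layout, and possibly user names, into the index. A possible wording is `The name of the file containing the source code which originated the log event, without its directory. This is not the log file the event was read from.` It is also worth one sentence saying that all three `origin.*` values are reported by the emitting application and are not verified, so detections should not rely on them alone to establish where an event came from.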