New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow 'metadata' to an event that is not sent on output. #1834
Comments
+1 to @metadata as the field name. I think it fits our schema naming quite well, and will not likely collide with anything else. |
And the use case for me is |
👍 to @metadata here as well. In general, I've got my colleagues fairly educated on avoiding field names matching "@*" as a policy when generating custom logs, as the existing reserved fields follow that convention. |
@torrancew I'm open to possibly allowing logstash to do that policing for you. That is, having Logstash validate any attempts to use @-named fields and warn or otherwise do something for you to validate. |
+1 on the metadata idea and |
Really like this. Grok is another place where this could make a difference. Currently we extract a |
@avleen +1, there's some performance and configuration-complexity benefits here for users, I think, because you can use |
This makes @metadata basically a way to store data along with an event that is *NOT* included when serialized to an output. Use cases: - For elasticsearch output, set the index, type, document_id, routing key, etc with metadata and you won't be burdened by storing a filed named 'index' in your document! - For elasticsearch input, we can set @metadata fields for the index/type/document_id instead of polluting the event data itself. - No need for "short-lived fields" such as timestamps. For example, a common pattern is to use grok to capture a timestamp text and give that to the date filter and finally use mutate to remove that captured text field. - Provide a kind of scratch space for events that are not part of the event data. Fixes elastic#1834
This makes @metadata basically a way to store data along with an event that is *NOT* included when serialized to an output. Use cases: - For elasticsearch output, set the index, type, document_id, routing key, etc with metadata and you won't be burdened by storing a filed named 'index' in your document! - For elasticsearch input, we can set @metadata fields for the index/type/document_id instead of polluting the event data itself. - No need for "short-lived fields" such as timestamps. For example, a common pattern is to use grok to capture a timestamp text and give that to the date filter and finally use mutate to remove that captured text field. - Provide a kind of scratch space for events that are not part of the event data. Fixes #1834 Fixes #1836
Originally from: https://logstash.jira.com/browse/LOGSTASH-1798
It would be great to have arbitrary metadata for an event, which isn't passed through the output and specifically not made available to the encoding/serialization phase.
Example use case:
Proposed syntax is simply a fieldref namespace "[@metadata]". Anything under this is considered metadata and not show up normally through JSON or other serialization.
Example use (once #1644 is merged)
The text was updated successfully, but these errors were encountered: