Skip to content

Provide ecs-v1 grok patterns #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jan 31, 2022
Merged

Provide ecs-v1 grok patterns #97

merged 7 commits into from
Jan 31, 2022

Conversation

cosmo0920
Copy link
Collaborator

@cosmo0920 cosmo0920 commented Oct 12, 2021
edited
Loading

logstash-patterns-core starts to provide Elastic Common Schema (ECS) v1 compatible grok patterns.
fluent-plugin-grok-parser also should provide such grok patterns.

For backward compatibility, we specify the legacy ones by default.

@cosmo0920
Update submodule
900b222 
Signed-off-by: Hiroshi Hatake <hatake@calyptia.com>
@cosmo0920
Import new pattern series
37a0de7 
Signed-off-by: Hiroshi Hatake <hatake@calyptia.com>
@cosmo0920
Avoid to use deprecated grok patterns
a6cba17 
Signed-off-by: Hiroshi Hatake <hatake@calyptia.com>
@cosmo0920
Add testcase for ecs-v1 compatible grok pattern series
587f941 
Signed-off-by: Hiroshi Hatake <hatake@calyptia.com>
@cosmo0920
Add grok_pattern_series parameter docs
e1b3ad2 
Signed-off-by: Hiroshi Hatake <hatake@calyptia.com>
@cosmo0920 cosmo0920 requested review from ashie and kenhys October 12, 2021 06:43
@cosmo0920 cosmo0920 self-assigned this Oct 12, 2021
kenhys
kenhys reviewed Oct 12, 2021
View reviewed changes
@cosmo0920
test: Avoid to use deprecated pattern names
84e8976 
Signed-off-by: Hiroshi Hatake <hatake@calyptia.com>
@cosmo0920 cosmo0920 marked this pull request as draft October 13, 2021 05:14
@cosmo0920
Copy link
Collaborator Author

cosmo0920 commented Oct 13, 2021
edited
Loading

I've found that ecs-v1 version of grok pattern is not usable with current format on Fluentd.
We need to investigate how it works further.

@cosmo0920
Handle ECS v1 fields as dot notated fileds
18f99ff 
Signed-off-by: Hiroshi Hatake <hatake@calyptia.com>
@cosmo0920 cosmo0920 marked this pull request as ready for review October 13, 2021 06:43
@cosmo0920
Copy link
Collaborator Author

cosmo0920 commented Oct 13, 2021
edited
Loading

I've found that ecs-v1 version of grok pattern is not usable with current format on Fluentd.
We need to investigate how it works further.

Now, fixed.

@ashie
Copy link
Member

ashie commented Jan 27, 2022

Oops, sorry I overlooked this until now...

kenhys
kenhys approved these changes Jan 31, 2022
View reviewed changes
Copy link

@kenhys kenhys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cosmo0920 cosmo0920 merged commit 74658f9 into fluent:master Jan 31, 2022
@cosmo0920 cosmo0920 deleted the provide-ecs-v1-grok-patterns branch January 31, 2022 05:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kenhys kenhys kenhys approved these changes

@ashie ashie Awaiting requested review from ashie

Assignees

@cosmo0920 cosmo0920

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cosmo0920 @ashie @kenhys