Add support for fields and protocol lookups in port_name. #8157
Hi @a-bali, thanks for the PR. I wrote port_name to fill a specific need of the sflow input plugin so I'm curious how you are reusing it. I'm not opposed to changing it but I want to have a better idea of the problem you're trying to solve. Could you describe how you use port_name? Where did your data with ports as fields come from? Have you considered using the converter processor to change the field to tag or tag to field?
Thank you for writing this plugin. I'm processing firewall logs with the tail input plugin and a grok pattern that parses the various fields in the log. I am using the port_name plugin (and others) to enrich/transform this data for reporting and visualization.
I guess that is an option, but it would require additional steps and I saw that other processor plugins (e.g. reverse_dns) also support using fields/tags in the input/output. Also the PR contains functionality to use a dedicated field to specify the protocol (tcp/udp) which I have in the firewall log.
This looks good, but there are a couple of small changes; we should also probably support uint64.
Co-authored-by: Steven Soroka <ssoroka78@gmail.com>
Improve functionality of the port_name plugin by:

Documentation and tests are updated accordingly.