From f81831fe08b02dd60f6235f760e5eab1e5d908b5 Mon Sep 17 00:00:00 2001 From: Nicolas Ruflin Date: Wed, 12 Dec 2018 16:02:11 +0100 Subject: [PATCH] Introduce log.source.address and log.file.path for 7.x compatiblity (#9435) Related to https://github.com/elastic/beats/pull/8902 but adding the fields instead of replacing --- CHANGELOG.asciidoc | 2 ++ filebeat/_meta/fields.common.yml | 10 ++++++++++ filebeat/docs/fields.asciidoc | 20 +++++++++++++++++++ filebeat/include/fields.go | 2 +- filebeat/input/log/harvester.go | 5 +++++ filebeat/input/syslog/input.go | 5 +++++ filebeat/input/syslog/input_test.go | 10 ++++++++++ filebeat/input/tcp/input.go | 5 +++++ filebeat/input/udp/input.go | 5 +++++ .../startup/test/test.log-expected.json | 4 ++-- filebeat/tests/system/test_json.py | 10 +++++----- filebeat/tests/system/test_modules.py | 2 +- 12 files changed, 71 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index d5411cbc407f..1d1ad95cae3d 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -99,6 +99,7 @@ https://github.com/elastic/beats/compare/v6.5.0...6.x[Check the HEAD diff] - Added support on Traefik for Common Log Format and Combined Log Format mixed which is the default Traefik format {issue}8015[8015] {issue}6111[6111] {pull}8768[8768]. - Allow to force CRI format parsing for better performance {pull}8424[8424] - Add event.dataset to module events. {pull}9457[9457] +- Add field log.source.address and log.file.path to replace source. {pull}9435[9435] *Heartbeat* @@ -127,6 +128,7 @@ https://github.com/elastic/beats/compare/v6.5.0...6.x[Check the HEAD diff] *Affecting all Beats* *Filebeat* +- Deprecate field source. Will be replaced by log.source.address and log.file.path in 7.0. {pull}9435[9435] *Heartbeat* diff --git a/filebeat/_meta/fields.common.yml b/filebeat/_meta/fields.common.yml index cfb5361d47b5..557e0e2dce75 100644 --- a/filebeat/_meta/fields.common.yml +++ b/filebeat/_meta/fields.common.yml @@ -116,6 +116,16 @@ description: > This field contains the flags of the event. + - name: log.source.address + type: keyword + description: > + Log source address. + + - name: log.file.path + type: keyword + description: > + Log source path. + - name: event.created type: date description: > diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 10d2587c99da..8fcc6b016f02 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -3126,6 +3126,26 @@ Logging level. This field contains the flags of the event. +-- + +*`log.source.address`*:: ++ +-- +type: keyword + +Log source address. + + +-- + +*`log.file.path`*:: ++ +-- +type: keyword + +Log source path. + + -- *`event.created`*:: diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index 28e1808d5656..496203068eb4 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzsfW9z2ziS9/v5FCi/2eRK0eTf5HZz9Vxd1k4m3k0m3sSZffayUzJEQhLGJMABQCuaq/3uT6EBkCAJ/pNoe+Y55VVMkegfGkB3o9HdeISuye4lSvj6G4QUVQl5id7xNVrRhKCIM0WY+gahmMhI0ExRzl6i//wGIYROOVOYMqm/Na8nlBE5/wahFSVJLF/Ca48Qwyl5iSTPRUTgEUJql5GXmvKWi9g+E+SXnAoSv0RK5O7FAF3973JDDMmV4Cnabmi0QWpjEKAtlkgQHM/R5YZKAwa6Amj1a3gpeZIrgjKsNkhxeKjbmxcU3nCByFecZpohV9/eYPFtwtffyp1UJJ0nfH01/6bSP75aSaIq/Us4Wzc6t8KJHNo70yagEyTjQpHYdFEqLJREWNVApERKvK5yWZGvDhZdMy7IAi/5DXmJHu/JeDsrEF+VPNf8NoMBj+yMqKGTShCcDpoCA7ikZ6lpEW03hAEEytZupInQMOQMRZihJUF/kCrmufoD4gL+T4T4QxVeJrjMSKS4mGtw3dzJBImw0o9fzJ/184yyLFfQ5/qUJTeal3rOrgkjQrdZmbhUIpgDZpLe4CQnSMOkK0rigsaKC/j9SpO4QhxAIMrgoSEuSQQP7bC9oQlZEqw0v1bUjhd6cPb64uPr01eXr89eIkkIuoKPgSFXD6v8Kn/ZcyL9TphS7bWeZgtFUyIVTrPuTp4zFGFJLL01kQplNCOwYjIsJDHiqGituoLsOpMzRBWSigsii5b1O1zQNWU4QVf/VbRwhR4IPTclYUovBte8WSKu5YqYfGg4QsvGgce1bmtOSKLmKY/zZMDYFpw0HyC1waocTKBnRrmFjv5rBBX72WAy5lmMFS6F9hA69ovBdOROJnw9X+GIJlTtplMPtkFEviqBI42hmDuZoFxQtQtDcb9OBsU16NaQodPFDUluiP5ikeAlSabSBxrLJk+x0QR4mRDkCHUPyq3DcITmDX0TESnnmeBrMZ1e1AA0ATcetvk24jSebibQ2CMKzYdWnRuVyei6Bh3x4NQj4oZGxJcrIU63UPlkvoa2ag3rmZSQm84J1G7BrLWQhs8Dza4SvJZ93Q9buPBpFz/Ms0gQLb8q0GOsenhe+bZKV3+MOAuqcvvBvFCLfFU0WUgMaWQplR0aCy13hUQ2rfE0w4JKzooGS5Wo2/KmpJbWYX2raczR+QotudogLAiisVajEU6KZjlLdn7bcsPzJNb2ZS5JXWcaPnkG0oi58crYRWt6o7nADVeuKYMVZnkKPLbmrSYPBs9a8DyjbF3DslEqmwsiM84kmUuFVS4XEY9J2ypswfX28vICuXaQ147bOhWbpuePn3dBIAnOJDGm1EgMr82nxrBZErUlYP7/kmsDC7O4xEcZSmmSUG3ncRbX5VEVkbW3Fglha7UZienUborMx27lVbm15HFdB1gEAH2eErXh8fi58tF23XxfF3yw716QSFYahmlin/jbdc+8z0prEz7xHrQAQej8AuE4FkQWwsfQt6Asr8yU5UzbsCjNE0WzhKDzi5vn+sH5xc0L1wqRxZeF5uJC1ZB5w9OB7YIL1YLKtb0mvNa0z6dq217L3xOe8AjDTkKvQde6+73K4JKcnnGU6TnnqaW2we/sG0I/eCq/aNdje0kzZ0rsFlRyf/3vSfXUtIbOP31ARgo0CDrONAitCV9knDI1jNQ7ztZU5TGBJZ5gBX8ECAqyppxNwNKP0JCv9CuM1Kbj4UROteHSQsL2ZJqhsr2pjZQjFROpKPMHqk9OBCVFQFZ0gmrKCw9IRWjsKzZaBEdQdHRC9cVHGGRIioTlSKskacqSCqnytfpYDBAq7bOms9/9omWQcNmbeoeI6RQyXWKmh2SvqOkTNnt3NixyuoXO/pwNiJ4hwufQ3rWIoFwSscBrUoyUPY74LIlA/vOOrWDZhl0hiHGR4iTZ6U2C9TNitBR8q1t1lpf+Vm8fFSlnkNzwLcozbUNuydJtIMGprNvSG7fS5YKFNkjzAimSSoAR7vNriCx1Tj2Pc7A9fInIV0VYTOLDtMBnZrHeECE9z2fJuIBAi4nu+m1B8sVLttlJveGyJANYLO7bAvNjlS39eFL8Mxcj0AxXOO91y6FxQm3jlFJ2W1h0y6OwZFhFm9sapQvd+Cg4NZk5Hk2xrz3dCF5pa+DU7oTH5fxghANx8IwIDIcD9jAziGaVJ0ld0UwK6U2eJBU/ZR0XekBZlOQxkW6gH4ah3q1EGMa+O5YKA0HdrXhoAVWoe5F06/PPH985JZ4JfkO1OQauvoQoon+doS1VGySjDUnJDG24VDOw2DKsNqDT9VtFe3z5M4mUc5gJAi4zyhBXGyJQJsiKfiVyhmQebRCW6Eo3OM9FMv+3K22KFw1ZUTBHfyUkM+4EJfJI5QLsY0mlMv45wsgNEWjHc736vQ4V4zPUGaOhVFZjeCK3DtFb+70bG2v4lJ09IQmWikbziJ/4+4xzhqQ2nCIsiUQY+pDiHRJkRQRSHGEGmzgWf8sFbLFQTAWJVLIzw8NzhbA/i3iKqbVwdevg2NStzwCYtyHcgmt1zd0x75VjwlXrCWX3hHoDESPVGRUThWkiEV5qoARHG//Qd4zlpifddDLoohGZ0iAo6a9Nl0DXmoX+66/0rF/uFJHoQXGeDp5tHMckNp53e2juHQvrf1cay5UWxDZwaEmwKiOH/mz+6ooWiniacobsqS2MBb7BNIGTMsoQThLr39YAKuFEleEG5/+wU2J/4muESBIWu9PxhK9d2IwE73/xFnzm9V8S5YIHTHhALuw2nSZm9jJzLmziEag0ZwK6Tar0n4wrvzEz4d2kLt+/5MhF/RQ4ZiBAYBXACiiFWiWooYlr3mRaTZZ0nWM6bHDwonLBCBy+BNV15dQHgHu8EzljxX6ogkbRlPzK2QA07s3bRFO1JTrA1HQdTOehQQEn5QHSSUXMeEdvwViald7Lqsp7hVn6Kl/nUqGnL9QGPX385MUMPXn68tl3L797Nn/27Okw7pozreLgzSxDvUAEibiIawE51U6p3rPKV2JJlcBiB+8ablllrOd7RoQZKNDgWrkIzCSOKm4dzaeG3NfSocJHo+ntI/PHYsR5SiGrwGQv1tSy0B71cz4hCuugqS/aDrH0R04C2jNUPX9xHFP9Lk4QZSuuV7Y9LDV05LxHD1VjAFEoDrADVgnNtjNvEAi6oofbiqZ1/8jQm0TlWSnaz1o3rZtpYlVUlPA8LnXUqf7T6X/dTYVjrHBYbb23vxpXT1T5VFp1aUUQjuMFvLBwTbojZy5atZh+dQ5fzV2z9YVNop7VW3HPVhDO0QWXkuqJCzpJwqk2iZ7O0DoiM8QFiumaKpzwiGDWCCYtsFEmFWYRWdCepXNuX0TnZw6SViIoxdGGsvrSDVHo10wFDV+vD6NiX1h486zgs3o6T0lM87Sb+nvThDmeH0Xcmjkm5shTeQWCXD4iWKpHT6IeQeo1hEAj0lLbUWngUFmquY4pB7KxGNUCiv3l0dfhU89+orF8z/k6IWaltVM3DuZuAtZj3NM/u9BjHl3D+rEr/cz9HWjc/AYBDFr8Jgkpg+jMb3rNyg0XamE0QBmOhFm04cLRe1Ss8pbI9wIWGrWfKOKY5/Rgny/9JSdeYDSNQ1K9IJeG1Mfe/iZorjg7MgC0IbHMaaKQf6rVhDLB8WpB0xx0tNOCKEDZoFaxJVC3PdGD5Rw4YegUk1ZP5nLKvjV/BRo518aAN1FtbHNV9JRzUz/vnZmW9rh5efiYOGdEczQmmulGQAQmORbRhioCrprD+1BpDj0g8/Ucff3ji8WL5zOERTpDWRbNUEoz+bAJhct5lmClTfrDkHz4hFxDFkNEmOJyhvJlzlQ+Q1vKYr5tAdH0nu6HwbYTpLHCKU12B5MwzdhOChJvsJqhmCwpZjO0EoQsZdzV2wPiFN5RCYf/5xePvBCDOoEUR4d10pHZYBFvsSAlsRnKZQ7nmO9fnfoYnBy5zpdEMKIgScBKk7/6zwJky98LM7hq05aNIl+WdKvF8qNeAVQBjca523g8gXrwOJDx2Mi2IKn8UNHkUbrgMfp8fhY+pJIZjqbrVNlik5jegU3KQd1iCwuHKtdhhExrKMVZkxJmjCvwf01GzmsyTHNKg8WjG1Vsly6yE5hsQbqmXSthcIajDXlaipeTV+bJSVi62F/Re5cyVBUb1q8VEgslJTTGpeIIOieNedomQHCkRVODaV2BWmHbUjovjrPJHI63l5cXZ5YOxI10B3D5oTcpV2RRUU5dw9qDE7AmlDDlHa/Mg5QhDKQRX3QQZReWY7brcOgGHsYlljRCOFcbE2Rv/NjWCR4EV4mPHoKs2M5+//pyPGgXUQ5B3C62Osg0kUzLrgrlzx/fhclulMoWTfNtAvpAt2HQocoMNTHtzdCwFofgGMpFwHzVSejTX/J4t5CEqTmcYw1F4BzooY8GoGN5uiRCG2jm9MwFkxNxA8FklTj/MNtWRAgibmG4XNNhwn74XJVqzS08gOSpn/CTs0etwW/oA0t2yGajIlqGwTSaNJ+9NkfQkuh9FcqSfE2ZPTfzzgi5gAftYqIRR1jtcF3Aj+2x7W4ZlWhPo6fqbdlTzOJAN8OqA3WF61UZEJ5nA9iAQtmF9QC5NlD1iJgqpsBaHQEo7YuUawVVi4iZFFRfyFwbqHrkXBXUwaOX9cXOteEKmAVDYLUHzo0EzlqC6drw8rqEH4J2DyzNOKd2RIs7Xwbj0N31ehiFbs8JeLtD2ozXruIK6Ff9j7KYfK1mOI/E/MGVf/AUr4k8WZIVF0ZR6S4sd7b4xCP95iPzptE3YQW6Jrxl63GI7vye8PMLONPWNpieA2usNkSQWG8FSIw4s6FpdvPjorwaHQ/oWdP4IJXaaG8fFduRZOPza9JJ6aXetMPqyL+ZDFgzI6cNTzAtx8cRTs4ZxaKkJVmnDVNbxs5k7DE7OC+Ppw1JOJlnUhxRmeLTw4/bnTKNzJ86Cj+GBu3jjHljfTAuJcc4YUy7o5wvfjGHIRwYsEErClRA2249NwJsfBQR+GumhdFMtjRUmoFrlm9tbph6gBE6YDdplvB6TeJuhmQ07PnZz89gDybQ+VmYmpqUmtpA2Yo2YpWaSlV6e4+1LbuUCR7nkRfrWuGzc+zmMVWx79eFBy1uXePOBWenszBMA8UqG+7ndYTRGDdvfaXXqKMOn68pc1hl8QEy5h1l+VdDHwq2oB+4ggBmF9gsCIp5lKeE6XWljR20JBHOazaf2pCdeXnHcEoj0GQ3WOy07WaaL0OihzuRIy7iRS2kbuD06SLqGb9JvMB5Y6n0tP/GCGTK6hVfwPJOYkv8/KwsalJs+aDYFFK80Si0Aa2GoTKynRoqI9sC6tzj2vlZpShLCKzAEUGrHOIGXMu87KV+ZC1bKmwVGrVD0QZrOx49SOh1U08vic1KFZyrh+0DJsd6PnvHSxIJe7rpR2xarHrASqxzdK5qA4UUJZVkFfMP+qF4bcCWO7+xYBck+SUnrOGKO0SV+AvTNW/90i2e3yjaQyObPWUE+wlkUwAkjyjYB5B15RWWCpFtqushBspZo35YsO3bbJwqkh50NAANQCYL62KQfm08Gf2Vq4HJYhphRaQNjYSfeF7UqFBc4aSOq7kNgApi9i0q0a9E8EewH/8PhK0/ga/QY5QSzKRNZDFJSUIqaLRl3j0e3zvTJhZr0JhOJNqMjggnSeth1Hhagsg8UV7RQkcDPZC5ObLlAq0wTXJBWsTp/TpKrozhM9eWh7brrxpNdhxMHB0md7UFryCCKpBtYO7EM8EqWaDrxgkvOrqT9nEn3bH7xO7ciL9+vQ1c5XnLPq7yThmkE9qn1cmg4du11ijiQPRZpYETP4Zcv33ivVmcKZ3c/P2Hv8j/fnbS2NbV+V3oXRaTr92Uz/Ur8HqY5srWnnykiFSPoJD0WPq0NSrLUqdxmDb+8P36bLv8/HF1+uN3//7qU/TL8nS9HU5ebrCIO8kXNVzh1TCKx8MJgpLaf9Pd6anDu8bperUzsKD1W9UC4y4v053eQB13AfnwkHQIaexcIJotVjRRRJzUqJSc0F/Vf21f8MWC0tR7t+YA3+UZ2b34BivEoygXkBuKGWe7lOdyYaLMFjFhlMSzWljVQpsx8Lj2lvlzLTBT+u+IM2YKogefuc8UTjNtjiyKKgIiZwvsNWT/Nh+0M69KfzwbzfD18/Hv4Hnx6h40Bh49aP7iikV9fP3pEr26OHcfP/RnSfGdKU4bEXpTWmjla3rrzkjycAY6LFlAqOwD45OLtJmu/6ZS5tb96ki1865sZ2++WWdw7xT0/Ma1Ov1NprUDfvKnp/MnL/44fzJ//jQMuWZLF9s9QVlEs8YZaxNo8SZ6oDew+vOHZsmYBVBbFu1YF8XCGs/cWsZyG1bfDjOfGKR6HpGvJMo7mRkluVREvEw5o4qLb1NMG93ph5oL2osTZj9hMZhV6PPH81ZQ3y6+Zji6/laSKBdU7b5deOwe7t4uDSuYW4MFpJuLI7h4mhAsPkWCJ4mtoTueh5bsYsnjXS9W/VKjBAtdIcL0ZqsDqf4wjK1y4lJGgJn7SYJlV/dVvcWut5nkMsKH/v1pcVlDNU47RNInm21wI1Ri78229eTbO0MipLgGBiTG7mxvb7vmW8Dfn7rkPy0pgkC94bcVQBaSRK3QVgnHe+6TTmtICoLgMhSmtopx3vwF32B0Q4XKceLnKYaBy0jky4XcpUueLJReE1Af/Lb6gS4wlFWhKaRQ2yLhKEoIhloMeYYMFgRYAt6zGnCIe70D4ANwA5Re3FuCrxeCrOTCOkUB/y0iv9SYZQYhSAVFgGEimAmLiPQ61RUmKXCSkGQhiIwwuyvUHr9TLK7h/gZ6Q2xuEThjE4JwliVeToNUPMuaTjP/uB9LuchZwu3tQnfQE0MN5guDAxAAMZD7UZb7pfubGENCeSDGC3s4f3rx2cxxO1+IWHGRmju+nAAKQGwX2ageJR5mMupl9MCO6H+1TvBcSRqbzcg1EYwkoQ54gmUn7wElZXWQqBOlIDi5C5iXcKZhr46og1a8rA5o3L+FloJtC1yaB+d4lFG5Cbv0f75JFyJnLUuwvSNDokCoK0D8lx/fWzSmvrBdbTOEJcKmeT3LjcnddbhnAkvkAs56FlrKtAmPvZF/j8USryvctFTtCZOmaochJDSKiaxFIGgXh3lqFmsIivNrPcQGlMXZicurW1WFsFfozfenEGRjVO+6heSG4MlOjd4SnCGcFCXjMYvduNBfR9uy+pvF9bJVqFOmyDqQ0TJM9QAs3fmiCOE1TTikUrUrGq2Zbg3SZwlhOTjrAOPHTqxJONNuj4H7kMQu5A7i4aMozzCLdr/9EYTB4ysI/fB68BsYzlae9o/ujudsPeX4/kM3+Dsf4V29D7+BMe7gaxhdGYwjbipEq+6ZTyaJ011d2zzgqM+Brhs40oyzevhuldw7uODTvlf17JReHz4n82iezt8Thc+wwqdwgxocENkb6apftimuoOemjsiorlCDzdnf5aeBSdO1Vk7MEH5/2u7uCru6QqswvFoKmc2aG5QqljqlLhQdkVuFNbFtBrpNTrAczgW/IWJDcMcdHCdtkys00hVCxcJJ+LYaOFtbOeZ3FxcHFu7r+gF0k/6Xp4+f/PHR4xePnv7p8snjl49fvHzyfPanZ89++nL+w5sP6Kcv5qTUNDG3IOa/5ETsfkJfbhY//mXz848/oS8pUYJGcB77Yv5s/viRbnf++MX86Yufvjz+CUzCL8/n36Xypxn8sYAr4eSX5/C3Npw3VMkvT/70/Nl3+tEuI/LLTzNTGw7+AxDgmOnL3z6//viPxeXb1z8s3ry+PH1btAGnpfLLE/0+XP/15X/+eQJo/3ny8n/+eZJiFW0WOEnMn0vOpfrnycsn88f/+te/fpodIm8grFt0C5u1LcDQNhuCzF4RVR29fhGjGdyBBIx0qgo73froYb8GzGrD9+zx41SGoNQyDgocehS7gOjfxyyN9i7DPOkg9UlhRWE1jKHX0i9vLnaRNEEd+q02mvWJPLLP5lZBGLIuHAnfdo/riEUygktwK/LCgOyA91q/ZvviB9xNME6eoOlbDrAW3E2Vdq/aguD505GL0Um3LgxmW0bVpESNOOwlq8eektjEmrQBeDoOgOC5ojUNXaX90bzRNszy8ZO3//30b3++/tPP2+drtcZvFBu3PGiHQj6PJ5E6PRLgsmPpxzzqouUKU+JM8K87L6rMPmmJJ7O/NiLJjOew8H0UraLxQWQN06R5a2GjjbPyFX+JH6Bua/cI1ui1XBPo19r0yYLFFZpBWccMumgl0OCQPWSpB5VW2qtV8YWyWM2G2mPGLhqh9Q3uVrvZmuRY7aYXAW2u5/BSFmPuktqacQJjB7SH1+GcSRt0z6iiRdLk5emFFy+l7Rs73YMX7HXPI91W5s2lDrIlyXnvDHPEVwIuLI4HTwz3AXrABUrgihsiHlo8ReAT1O4vL9qugWugWOLoegwI+34QwxZLJIktj6s4SjHzCg97Y1KWbApdqgI/DAaktzmu/pPiXmSUR9IAC177ZXTlFlNVnLtWkk+qMwI0pjv09a0FewBi23GXgdxgQXkutY7NyeAlWYb76eYmw+RywqpDQaTCy4RK76obhpOmq6YLMbh7FqK6CQ6ArBfvguC8lCo7XSprzLt5nkpEzFvzgYCAZcD02xnJUTjcCrN8v49xnCFzkRvkJurN+vAu2NU4gJnl6Fp94NKitkT4d//b2igQA2wr53sl3IDQUHCOtbePzlL6g0TrhC+N2TwCJx0hYY1UtReRmGu4qhK+V6ZD5YBFs0hAhWTlihGXl77cobevLsCIrN960uxrbd/VnDr1zV/ws+pYbUgBwG4KHVc891eDUj0LbHRI3OjMLyOn5uESOVNme9Uzvbr8vp0ZXoOPVFvumg4T7MxOGkyyO/+oJ/eoO++oQucjsaMiEdZfmOP9Ipl2SOJRf6bYXoyu3MRRY3JLgtxw7oYr0AxLnxpMxY1drUdNnUhEajdMC6mqYcm1ScHMPUxWPZhEb23KwV0kpPocrvgLyMJSULZaUMXid0oepjXsNryvIUT8plAIgQzmoZueaqD6TWfiRF15RZxB5glTFWy8AqrJHc01I+LrZ4bhPXBzlzIdyGIbMyFKq54nALnBLE7K8vtuuzMh1oZpvS9UqWiSuGnJK1bUhHCtvdgpyHykzia13yHyNSOCEhY5plJZogKYYmejle3X9R1iK9461DR0LVqXuaE/MNkKlYmpTb+i/OCDy9MLxAWU+H3YILlRqtXEuEiINqBwHPvPhwoM1DR3Kvn2UOi43Xlhw+sFSbC3vaoUdw54KsadM2vxncuQ1qhAAaLmXaMhiqsjK5u+AQMd1o84U7kgeoPFr+nISjsf4BecoBPd2P+BagsniIA1Yss7GC8Xrvi+NtheLmloOqXgODsfiHhDcEzEyNIJxQ0l5uOitToIFOfEcdiYPaU1fWI/Kl82rZ3AOJHUhln7qyI8PJXVFZyozRSi4fO0+e0+0/ROJ4gVwBv/hlTspglYmlRJ17V7nicmW2vYNDHvTjxLvHmCty6XdZHQRsxIzV6zIcb+LEH6K9/PYer7qQ2PZ8U72qz3K+u7Mun9oDugg5PHaOFFd90ac9bosV6QFFOYIYVtad3VM+dmll4lmaBzyIViL4naEqv1TRWX5U7Vbxuv5shCFJxzobq3C4lQOk1D3OmXy8AX8GDaS8gXMVa4j0VjvWCl51dq1Y3RKk+Sqp6bQbV6MOr1lxrF4X2asBtVzGacigJ3VuE8qHRhyePdQ4RXioj6ePsDPKaXRQ+jVntGG0IQnAe+kT02PrUTsbDDvTXEayiDQwsCRxHJVHXCRwmv2EAt/vffBEp7IEwjytbYOw8+hwctx8Hmx+66IkWL4XEcVVAkJsv8oOKObbf52I5A+6MKya5wBFe07uvTaCrVTyZdFUp+YVXGj8LNdAamdaX21pd1JWmnAxe6avgEuHYyQyeMKxoR/T8/zmaGTrZYMMrWJyhQeP4kElTRCCcn912JtqCI6QEZ1b2TTDd/nGP/y+cYZIbl05wohKeZpXCcaf/LZppT5FT6Wvz80/BKz+fnn4oUCZg6QbVO26/zbEHtV1Zu0EB3foufhrDHvX32uHrKe/suy11G3919x+vxKmQhrNiWZLgd+kDB7uKhjAtmLfe+NUK9OlJJRgCA+LCu/ODf9HWOt3DL5WW5Z+1bLfd2Fd99X50ooVAJVvngWxOHEpf50nO0h6lvKXv2dHr6fzeXfqNe+s7NF9pUT7MoQxvulpGgitzC6tTNmtWp9/KUSYX7ioSHox4nwMK8KAOrxuDkzYVJOj1vfdpbLMt7SFqS5+/x1tOgC/9QcQWu6zLM1/jqpalOWTjTutXLhks1/djpVq3PHeh0Y/id3sgKsAuX5W8JupEm7ciPV7oekp4futI1P17pqo5Xuh6vdO2FdbzS1UN0vNL1eKUr/Dte6Xq80nXkpDxe6Rpk0fFK1+OVrh2e+fF3ut63qxGoT+wEtsR7fcD3eyhhqU/cd0u8t+/36Sw6HsdUyN6321sQLDlbZBvRVkb+UKe/bh+Z9ltPpPLbcPjCaaVXcDrjPOlIuTragkdb8GgLHm3BCbG03U93jVfXfsToX/XfLdEm8Ft5F3oosMQ1hw4PFz3wJnADNuFriPwfbIcqmhKpcDpSyLrq4fBpGZ3tyLckLJMbUtf0ZQ2ov7/6+EO93OSwiCLT8H0Hy6GKWAzVWz1IrZ4WwWheHRB7v7bmfwuQBDeu09q383BxCjQ4CgJcLT6VckfoEm4qp6xjvg3QpgG2oGkET41L5mL1Lj6h3tmK+vx8A2Ah9N6WtshwWcIJ0LXDWeXJaJ/jICxwtXKeJI499dF0wpouMfOltXnQIq7Nj93x/UWL6HcrsCe9HeCvhmf9NwTUSxMcSPfU5m9Ds3o2GiCt+9b6FfiGtLnhpvaTebgIVhBM+FoqLP2Lad2jlknlfu6eVl67aPKJZYG+84BW2TBi0vlRrXrJuUZH+a6m1aktJ/16YYQIdRkTB+5aC1PCiUdLf+Zym4XZ1UNa7ju+fv6zeb0t+tXNmAkhmjYRF1bFbIt7RGvXx3bdzjLRwIWrIYqcMZNvqkl5ADV3e+AlfL2Afgxf7T0Yr4m53MCcWUG0/NqUMSuwB5KOC6HXqDM+esE1mziurOPKuvOV1b6qxqP7iLcoztOsOMd2Z8RNIkW0CXjGJnY0VorEAoEu2qp5JfMhM8Ze8VrSfonOWZYrOUNv4IJuOUMfcqWf6Dl1ymMStd33xPn1grJQbe79HdGvoYw9VIuCS75supVzUQ4JBna4GGaNKJdbgwXEulDZ4cywwC3B0uNn9CdzNaVREpVRRRFnK7q2l4n2A1oEldRh+uvRf1aRVSCZfAdbnakebzHoP9Y0Tjlb83jpWcb2yfBUrPf6g7M/96djlbTQmJSsqvnqUevNyTpQiQcOftsQhFD0ZAX2TU77TalAQ8q78KOdVx63ibhuR1UPojc5g3oAOEERVmTNBf3V3nzUA+70w/v3r344GwmRNVb0AMOHfFW9cCijCrPYVBgdBSrU7BAjw/pgOt1XnhRza3Mnf0m8lfl+9+lv74avS00KPqmuTLnhQi2MNHmJlMjbdreOPNo3f7IFAOpYsdOHalSBjI/YuEtPuTHxFjRsUI5Xu68gmN/0/Lv5v8+fWsPbldMxFiWN5+gNF/Y9G0ogUSYoh4oy3pcNCsA5WKtlDLutvkhbjv17jgNs3nJHR7u3Gvd9HjDhJrJnLmsKo6ZyIGFgQEcNMQgEhfJeEdz9ZnLhIfG0PRVoPDFI9YF+lvucDtJuFNqiTRvhBUOCGMqLFqYDYnKAtUCYT32Zb1lcp0SjbfjZQRf6Jjy6vhW8OOW5zTKrYt5iqlnq9gYagJY+S1KGVcx1C41WjZVM5UH9FXwrIWtsItFbTazSrZeF8KzZ3rF4AI0WipSRqZRBAJGMMBsGqE0LHgImZ/SrpyMVviaslHFXn15flr9edYFrXv41LHavuBOsRXhMyXmvJOz5WTHJLXVr77E1ZV89e+8H/fc4ew8+2dPec+TRIfZeAAC686oZJZA9amcUcWELvUEITgEsBB454V4x85WpLagpeIqGyDk6VxBBBvceoCWJcC7hgkJzhpya6y1MXUcyQ0siaUykVxuvQbFsflYhZcbKlcNM6DVBV//30RsutljEJNb/u5qjT4QgnEhTEPOq4MlVKFjuFoObTxuBzeYQGSr9ZfkyoVFDYVcRwyheGebP0fkKMV5+2KBXcgkLVwhUWas5YOtaHILeYNW0HEJAmhQBWKu99pstmnGMKq6Qvc8A7/uOaP6dZtzfW+GVY8L81Anzn48J88eE+WPC/DFh/pgwf0yYPybMH5OkQvw6Jkkdk6SOSVL3ljBfOuXGH8JOHJtoLv00gRUPyHw9N5BmyBVGftgShDSZS/iiOCQlTNEVJQI9uDg/a6GrJnRF2yNfR7Ytkam4/GEy0qelB7yP/PSntcS/5tX527l0JwfO4/7BPGnxuVtfN/macaHKY5Mr285Vd85gSQ0dnisgiMyT/stHOpcoOJVX4T6Z9lFKlNAqXA1dqNN7K32law83N1iVxTmNbxZiUFu8LVFA6R0A6g0XiLJIwMVPeq+NFZ6hFItriB7WVpSJHy4KieI4bpziIVNUM+U3JAbnf4QZWhK4bJmv0Al8czJDJ/adk5n+4EQynMkNVy2V2zdcqkW5uqYdCU9WOXkOx/WVOqp2llsTmEoXvtxUeT9o0zNJdkVDTc1YOJEY/QqH0ROJos/Vk0c7u2AO+afmSFIW2WDwjEebOfos7Ql1xNMsV+7U7eq/vIPKiCd52la3FSeExVgEO5PvPTo2kFW4e32LqDxjqSaJuyCdpgSOxo3Zb9e7HbLiGDLjUq0FqcaeXZiHowPQyu/2PJWsoEH7x41Wgdx26Gj9WLSNDe7fbyYCjabkV9598Vw7qV+t9CrI3k2Ym29OheVH0/FbRpzhOKVsVLyZy0BoNFv4fLHCy2Z1l5JmujMB1qNJBlseFln35tXlq3dTx9XFoRD5rgihEs+zx/PHo+Ccudh3vkJ4bDxISffT63evTy/Rv6E3Hz+8hzGU/zEKx9/sbQv27sf7Cji00lqQuHKLykf9d4uMht+6U1pdc+jeE6UN2EJaDhSW023RLr1Y1vMzp00NqtCdzGXs1tQ5arrFKn1XS3+OTitm41WKpSLiaoauZIJviP5PtKFJfIUeaM388ezNt68+vEFbYe5dhN8ezkK26ZU2JCgjydXwMN6p0gUb3YIMTt2ZGyKWXEK/zNVHV2AXX9nrjlqw3spibLQ6YeTvJxfaC2Eo5g7xG216ai1upsANxQgjRtSWi2tvwz7UqojSMcEbgyLc0hSzGBHI9Wo7D3YKYz7ZrRtvgVVsjaiCuFekuMNg7V+DC5LfItGdZjap9CilRoeyuiYTXhamqV6TXXVL5higt6Ldg4PFlEUmINpXrHOtJKW59DkMKsJJoiFZjWZOeTyV9gkeDN93mAb23G8U1NEhYZAhCKgrDjJXmyn3G+8oy79Cq2WW1p1nvcAdvDguUWk83RWUWi4QGZg5AL6iPahmgq8FTve3D/YmPKm8uSgFjgMGvjLpykf1A5peUw7KfTssQwXcOWVyRukQNHFYEikeSI716UpZj/HY+4jVrkRp7pSMtDb69Omt7jdlBpUcdr7ZlcM/YEusGVMjXDerTl7BTcvGz/gG06RwM56zG5zQ+GTuvROgkRLMJMJI5hBmvcoTQ25etmDfsQNjY0VsGJnLaC6OmwMk7JF/ga/eXtlFrBRJM4U2WKIVvFznc2fo6giW1sJkbTRqnbkZllIrzRPgqAk5via7kzZUjVN+NwkDPwyCWhaFruUxVfmlNXCKm4e0hcUmeJaRuBnWPTE+zdnSjLVDrM1fnhFmbhBLUxJTrEiyc6jaQAfKPHcGzowBDMWeD2KppGuGVS6aE34QjuLzwsVrgZmw9muyayMcCibpknUDAI0OKbmyS1qvonlLRoH5N3VsSTi6pD2+ZESESf+5/KCT+VFxJsNiF24PGVWNeYYGh3bcGixDtpNb/XE5k6Hrj84ZFJ8zJEJnBL+GRumMiUuZjGWt0Sk+HpnH/BYtNmOnFWm+7qBfU71yW9eRVlwtpMb8K7zSYBb98OESTh/zmBPRjJcdpBsqgQ66tQhLo6J0s8W2u9tAUo0LzAdSv7z8h6cUKxRpm/PBU9rbPY2yyJaVjKkgkeJidwCIYJJAMU6C8z1tcYXFmii7TeGeJ6QOUG6pijaBI3OveEsaUm/DWFXz0oEfUUPo2SFp3DgO71Zvdc1Zwnsuu6D2GcSoMktuSShbmyCO1knT2McPtja7yJ+ftRpykxOEQeyguAmlCwxoV3+HVjyJvbARRrbQwVb7eEMCFYgHEIvJCueJMg10kAtOceDAvcxxR/nOJ7lvOGkuAZBbmHOtAEqPVYC855K9rUoqpmnPXXvPHlKL5859pEPo3pKXdBDpxtSbwh06hPIdOkTt8YcSmKzotXf+cWmejAu8sh/1V+Ur6aFDTjyC9NC9lH5wUA4p/hAc8IlKGAQpd0bSjD8P8INlwPVveAFBqb/DagMA7jYCW89NHvHHN6foyfMnz2yQq9pVXWstouFYAeFYAeFYAaGFaccKCOxYAeE3WwFhmdMkRHMiTND8qOIHx4oMx4oMx4oMx4oMx4oM6FiRoeP4/FiRwf47VmQ4VmT4/74iQxUJbMMXMIsn3OR6RYENBRkkvxKcKcLidh/Rfv5Qfw07GiB0wjttHF1rEG1Ojh4MQQS5KC6oss3b82Pn+KDgWzT1Ub/5fwEAAP//0WyDBg==" + return "" } diff --git a/filebeat/input/log/harvester.go b/filebeat/input/log/harvester.go index f531404752a4..52731f97ef35 100644 --- a/filebeat/input/log/harvester.go +++ b/filebeat/input/log/harvester.go @@ -310,6 +310,11 @@ func (h *Harvester) Run() error { fields := common.MapStr{ "source": state.Source, "offset": startingOffset, // Offset here is the offset before the starting char. + "log": common.MapStr{ + "file": common.MapStr{ + "path": state.Source, + }, + }, } fields.DeepUpdate(message.Fields) diff --git a/filebeat/input/syslog/input.go b/filebeat/input/syslog/input.go index 29b2325359fa..1aeac3975216 100644 --- a/filebeat/input/syslog/input.go +++ b/filebeat/input/syslog/input.go @@ -204,6 +204,11 @@ func createEvent(ev *event, metadata inputsource.NetworkMetadata, timezone *time f := common.MapStr{ "message": strings.TrimRight(ev.Message(), "\n"), "source": metadata.RemoteAddr.String(), + "log": common.MapStr{ + "source": common.MapStr{ + "address": metadata.RemoteAddr.String(), + }, + }, } syslog := common.MapStr{} diff --git a/filebeat/input/syslog/input_test.go b/filebeat/input/syslog/input_test.go index 706da1b87379..939d06150cdd 100644 --- a/filebeat/input/syslog/input_test.go +++ b/filebeat/input/syslog/input_test.go @@ -55,6 +55,11 @@ func TestWhenPriorityIsSet(t *testing.T) { "facility_label": "user-level", "priority": 13, }, + "log": common.MapStr{ + "source": common.MapStr{ + "address": "127.0.0.1", + }, + }, } assert.Equal(t, expected, event.Fields) @@ -77,6 +82,11 @@ func TestWhenPriorityIsNotSet(t *testing.T) { }, "event": common.MapStr{}, "syslog": common.MapStr{}, + "log": common.MapStr{ + "source": common.MapStr{ + "address": "127.0.0.1", + }, + }, } assert.Equal(t, expected, event.Fields) diff --git a/filebeat/input/tcp/input.go b/filebeat/input/tcp/input.go index ffbd293b30ae..eac60f86ac96 100644 --- a/filebeat/input/tcp/input.go +++ b/filebeat/input/tcp/input.go @@ -126,6 +126,11 @@ func createEvent(raw []byte, metadata inputsource.NetworkMetadata) *util.Data { Fields: common.MapStr{ "message": string(raw), "source": metadata.RemoteAddr.String(), + "log": common.MapStr{ + "source": common.MapStr{ + "address": metadata.RemoteAddr.String(), + }, + }, }, } return data diff --git a/filebeat/input/udp/input.go b/filebeat/input/udp/input.go index b897e1440c26..2387103d6fc9 100644 --- a/filebeat/input/udp/input.go +++ b/filebeat/input/udp/input.go @@ -75,6 +75,11 @@ func NewInput( Fields: common.MapStr{ "message": string(data), "source": metadata.RemoteAddr.String(), + "log": common.MapStr{ + "source": common.MapStr{ + "address": metadata.RemoteAddr.String(), + }, + }, }, } forwarder.Send(e) diff --git a/filebeat/module/icinga/startup/test/test.log-expected.json b/filebeat/module/icinga/startup/test/test.log-expected.json index ee4dfc139938..be7a016f527c 100644 --- a/filebeat/module/icinga/startup/test/test.log-expected.json +++ b/filebeat/module/icinga/startup/test/test.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2018-12-11T08:08:07.894Z", + "@timestamp": "2018-12-12T11:22:05.182Z", "event.dataset": "icinga.startup", "fileset.module": "icinga", "fileset.name": "startup", @@ -12,7 +12,7 @@ "prospector.type": "log" }, { - "@timestamp": "2018-12-11T08:08:07.894Z", + "@timestamp": "2018-12-12T11:22:05.182Z", "event.dataset": "icinga.startup", "fileset.module": "icinga", "fileset.name": "startup", diff --git a/filebeat/tests/system/test_json.py b/filebeat/tests/system/test_json.py index 1d6b0bee8e19..7680d9111447 100644 --- a/filebeat/tests/system/test_json.py +++ b/filebeat/tests/system/test_json.py @@ -41,7 +41,7 @@ def test_docker_logs_filtering(self): """ self.render_config_template( path=os.path.abspath(self.working_dir) + "/log/*", - json=dict(message_key="log", keys_under_root=True), + json=dict(message_key="log"), exclude_lines=["windows"] ) @@ -59,10 +59,10 @@ def test_docker_logs_filtering(self): output = self.read_output() assert len(output) == 19 - assert all("log" in o for o in output) - assert all("time" in o for o in output) - assert all(o["stream"] == "stdout" for o in output) - assert all("windows" not in o["log"] for o in output) + assert all("json.log" in o for o in output) + assert all("json.time" in o for o in output) + assert all(o["json.stream"] == "stdout" for o in output) + assert all("windows" not in o["json.log"] for o in output) def test_simple_json_overwrite(self): """ diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index fa6bd3448ff9..4a3b39aa28a2 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -194,7 +194,7 @@ def clean_keys(obj): # The create timestamps area always new time_keys = ["read_timestamp", "event.created"] # source path and beat.version can be different for each run - other_keys = ["source", "beat.version"] + other_keys = ["source", "log.file.path", "beat.version"] for key in host_keys + time_keys + other_keys: delete_key(obj, key)