Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with drop_fields short-circuiting on unknown field #2664

Closed
Cord-Thomas opened this issue Oct 3, 2016 · 1 comment
Closed

Issue with drop_fields short-circuiting on unknown field #2664

Cord-Thomas opened this issue Oct 3, 2016 · 1 comment
Assignees
@monicasarbu
Labels
bug libbeat :Processors

Comments

@Cord-Thomas
Copy link

There appears to be a bug in the latest winlogbeat. I am trying to skip some fields, so using the drop_fields feature. If there is an event that doesn't contain a field, the beat appears to ignore the remaining fields in the drop_fields list.

For confirmed bugs, please report:

  • Version: 5.0 beta
  • Operating System: Windows 10
  • Steps to Reproduce: using the below snippet in the winlogbeat.yml config. If field "user_made_up" doesn't exist, the remaining fields are ignored

processors:

  • drop_fields:
    fields: [computer_name, user.domain, user_made_up, beat.hostname, ...]

As suggested by @andrewkroh, the following work - each drop_fields is processed separately.

processors:

  • drop_fields:
    fields:
    • computer_name
  • drop_fields:
    fields:
    • beat.hostname
  • drop_fields:
    fields:
    • user.domain
  • drop_fields:
    fields:
    • user.name
@andrewkroh andrewkroh changed the title Issue with winlogbeats configuration - drop_fields is short-circuiting Issue with drop_fields short-circuiting on unknown field Oct 3, 2016
@monicasarbu monicasarbu self-assigned this Oct 4, 2016
@monicasarbu monicasarbu mentioned this issue Oct 5, 2016
Merged
@monicasarbu
Copy link
Contributor

@Cord-Thomas Thank you for posting the issue. I think I fixed the issue with the PR #2685

@tsg tsg closed this as completed Oct 7, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@monicasarbu monicasarbu

Labels
bug libbeat :Processors
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tsg @andrewkroh @monicasarbu @Cord-Thomas