Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Metricbeat] Copy k8s.event.message to message field for ECS #10284

Merged
merged 1 commit into from
Jan 23, 2019
Merged

[Metricbeat] Copy k8s.event.message to message field for ECS #10284

merged 1 commit into from
Jan 23, 2019

Conversation

ruflin
Copy link
Member

@ruflin ruflin commented Jan 23, 2019

The field is not renamed as inside k8s it is used as keyword field and not as text. To keep this the field is copied over.

@ruflin
[Metricbeat] Copy k8s.event.message to message field for ECS
b90bdf3 
The field is not renamed as inside k8s it is used as keyword field and not as text. To keep this the field is copied over.
@ruflin ruflin requested review from webmat and exekias January 23, 2019 12:28
@ruflin ruflin requested a review from a team as a code owner January 23, 2019 12:28
@ruflin ruflin mentioned this pull request Jan 23, 2019
Closed
webmat
webmat reviewed Jan 23, 2019
View reviewed changes
metricbeat/module/kubernetes/event/_meta/fields.yml
@@ -24,6 +24,7 @@
type: keyword
description: >
Message recorded for the given event
copy_to: message
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why copy_to and not renaming the field?

Can these messages wrap another message from a container?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The part I was concerned here is that it's keyword and might be also used in other ways. @exekias will know more here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah right. Hence why I thought we should make everything keyword (and add mf message.text) ;-)

But this works

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still think message as text was a good call ;-)

webmat
webmat approved these changes Jan 23, 2019
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, agree with copy_to for this

@ruflin ruflin merged commit 3298765 into elastic:master Jan 23, 2019
@ruflin ruflin deleted the kubernetes-event-ecs branch January 23, 2019 19:22
@ruflin ruflin mentioned this pull request Jan 28, 2019
Closed
@Feder1co5oave Feder1co5oave mentioned this pull request Sep 10, 2019
Closed
@ChrsMark ChrsMark mentioned this pull request Oct 8, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@webmat webmat webmat approved these changes

@exekias exekias Awaiting requested review from exekias

Assignees
No one assigned
Labels
ecs Metricbeat Metricbeat module review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ruflin @webmat