Adding Cisco support for the Syslog parser #10760
Conversation
Add support for the "sequence" number in the log format sent by Cisco devices. Fixes: elastic#10654
@webmat I am currently extracting the sequence number generated from Cisco switch (syslog variant), I've looked at ECS, I saw there was a proposal to add an
@andrewkroh I've made the changes, I think that should be ok
LGTM. Thanks for adding this. 🥇
@@ -81,7 +81,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d | |||
- The `elasticsearch/deprecation` fileset now indexes the `component` field under `elasticsearch` instead of `elasticsearch.server`. {pull}10445[10445] | |||
- Remove field `kafka.log.trace.full` from kafka.log fielset. {pull}10398[10398] | |||
- Change field `kafka.log.class` for kafka.log fileset from text to keyword. {pull}10398[10398] | |||
- Address add_kubernetes_metadata processor issue where old source field is | |||
- Address add_kubernetes_metadata processor issue where old source field is |
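Review bot: the only change visible in this hunk is a whitespace-only edit to the `add_kubernetes_metadata` changelog entry (the two versions of that line differ only in trailing spacing), which is unrelated to the Cisco sequence-number support this PR adds; either leave that line untouched so the diff stays focused, or, since this hunk shows no CHANGELOG entry for the new `event.sequence` extraction, add one beside it in the form the file already uses, e.g. `- Add support for the Cisco syslog sequence number, extracted to `event.sequence`. {pull}10760[10760]`.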
Is this change intended?
Well, I presume I won't be the only one removing the additional space, I propose we make the change :)
jenkins test this please
Yes, I like this change. I've made a note to introduce officially to ECS. I agree with the datatype and the name. Go for it!
Hi @ph, is there any chance this can be backported to 6.7?
@inqueue I can backport it, in retrospect it is more of a bug than a new feature.
* Adding Cisco support for the Syslog parser Add support for the "sequence" number in the log format sent by Cisco switch devices. Fixes: elastic#10654 (cherry picked from commit dd92b6f)
- Added `event.code` (See elastic/beats#10333)
- Added `event.sequence` (See #129, elastic/beats#10760)
- Added `event.provider` (See #321)
- Note: Beats modules currently put the Syslog "programname" in `process.name` which is sometimes accurate, sometimes not (e.g. "kernel"). event.provider would be a better field for this.
- Explain event.module and event.dataset without mentioning Beats
Adding Cisco support for the Syslog parser * Adding Cisco support for the Syslog parser Add support for the "sequence" number in the log format sent by Cisco switch devices. Fixes: elastic#10654, elastic#15979 (cherry picked from commit dd92b6f)
Adding Cisco support for the Syslog parser * Adding Cisco support for the Syslog parser Add support for the "sequence" number in the log format sent by Cisco switch devices. Fixes: #10654, #15979 (cherry picked from commit dd92b6f) Co-authored-by: Pier-Hugues Pellerin <[email protected]>
Add support for the "sequence" number in the log format sent by Cisco devices.
The number will be extracted to "event.sequence"
Fixes: #10654
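To make the change described in this PR concrete, here is an added, stand-alone Go example (written for this page, not Filebeat's own syslog parser or grammar) that parses a syslog line, recognises the Cisco variant with its optional leading sequence number, and maps that number to a field a practitioner would ship as `event.sequence`. The exact line shapes, the `Event` struct, and the `MissingSequences` helper are assumptions for illustration; the sample lines are constructed. It goes one step beyond the PR by showing what the field is for: gaps in a device's sequence counter reveal messages that were dropped or suppressed between the switch and the collector.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strconv"
)

// Event holds the fields this example extracts; Sequence corresponds to
// ECS event.sequence and HasSequence distinguishes "absent" from a real 0.
type Event struct {
	Priority    int
	Facility    int
	Severity    int
	Sequence    int64
	HasSequence bool
	Timestamp   string
	Message     string
}

// Assumed line shapes (constructed for this example, not Filebeat's grammar):
//   <189>000123: *Mar  1 18:46:11.123 UTC: %SYS-5-CONFIG_I: Configured from console
//   <189>*Mar  1 18:46:11: %SYS-5-CONFIG_I: ...             (Cisco, no sequence)
//   <34>Oct 11 22:14:15 myhost su: 'su root' failed        (plain RFC 3164)
var (
	priRe = regexp.MustCompile(`^<(\d{1,3})>`)
	// Cisco: optional "NNN: " sequence (often zero-padded), a timestamp that may
	// carry a leading '*' or '.', optional milliseconds and zone, then ": " and
	// the %FACILITY-SEVERITY-MNEMONIC body.
	ciscoRe = regexp.MustCompile(`^(?:(\d+): )?([*.]?[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{1,3})?(?: [A-Z]{3,4})?): (%[A-Z0-9_]+-\d-[A-Z0-9_]+: .*)$`)
	// Classic BSD syslog header: timestamp followed by hostname and content.
	bsdRe = regexp.MustCompile(`^([A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (.*)$`)
)

// Parse decodes <PRI> and then tries the Cisco header before the BSD one,
// because a Cisco line without a sequence number also looks like BSD.
func Parse(line string) (Event, error) {
	var ev Event
	m := priRe.FindStringSubmatch(line)
	if m == nil {
		return ev, errors.New("missing <PRI>")
	}
	pri, _ := strconv.Atoi(m[1])
	if pri > 191 { // facility 0..23, severity 0..7
		return ev, fmt.Errorf("PRI out of range: %d", pri)
	}
	ev.Priority, ev.Facility, ev.Severity = pri, pri/8, pri%8
	rest := line[len(m[0]):]

	if c := ciscoRe.FindStringSubmatch(rest); c != nil {
		if c[1] != "" {
			seq, err := strconv.ParseInt(c[1], 10, 64)
			if err != nil {
				return ev, fmt.Errorf("bad sequence %q: %w", c[1], err)
			}
			ev.Sequence, ev.HasSequence = seq, true
		}
		ev.Timestamp, ev.Message = c[2], c[3]
		return ev, nil
	}
	if b := bsdRe.FindStringSubmatch(rest); b != nil {
		ev.Timestamp, ev.Message = b[1], b[2]
		return ev, nil
	}
	return ev, errors.New("unrecognised header")
}

// MissingSequences lists sequence numbers absent from a batch of events from
// one device. Gaps are the point of the field: they expose lost or suppressed
// messages. Counter resets (device reboot) are not handled here and would
// show up as a large spurious gap.
func MissingSequences(events []Event) []int64 {
	var seqs []int64
	for _, ev := range events {
		if ev.HasSequence {
			seqs = append(seqs, ev.Sequence)
		}
	}
	sort.Slice(seqs, func(i, j int) bool { return seqs[i] < seqs[j] })
	var missing []int64
	for i := 1; i < len(seqs); i++ {
		for s := seqs[i-1] + 1; s < seqs[i]; s++ {
			missing = append(missing, s)
		}
	}
	return missing
}

func main() {
	lines := []string{ // constructed sample input
		"<189>000120: *Mar  1 18:46:11.123 UTC: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.1)",
		"<189>000121: *Mar  1 18:46:12.001 UTC: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
		"<189>000124: *Mar  1 18:46:15.400 UTC: %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
		"<34>Oct 11 22:14:15 myhost su: 'su root' failed for lonvick on /dev/pts/8",
	}
	var events []Event
	for _, l := range lines {
		ev, err := Parse(l)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		events = append(events, ev)
		fmt.Printf("fac=%d sev=%d seq=%v ts=%q msg=%q\n", ev.Facility, ev.Severity, ev.HasSequence, ev.Timestamp, ev.Message)
	}
	fmt.Println("missing sequence numbers:", MissingSequences(events))
}
```

Run it with `go run main.go`; the two `%LINK-3-UPDOWN` lines report sequence numbers 121 and 124, so the gap report names 122 and 123 as messages the collector never saw. Treating `HasSequence` as a separate flag rather than using 0 as "none" matters because a freshly rebooted device legitimately emits low sequence numbers.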