Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use dots in field names and make filters pluggable #1623

Merged
merged 6 commits into from
May 19, 2016

Conversation

monicasarbu
Copy link
Contributor

@monicasarbu monicasarbu commented May 12, 2016

This PR includes the following changes:

  • Each filtering action is a plugin, so you can easily add a new action to the filtering
  • Add drop_event action
  • Be able to pass fields that contain . in the condition:

    equals:
    process.pid: 34443
  • Add a sample example in libbeat.yml
  • Add system tests for Topbeat, Packetbeat, Filebeat, Metricbeat

I will update the documentation in a separate PR as well as system tests for Metricbeat.

@monicasarbu monicasarbu mentioned this pull request May 12, 2016
17 tasks
@monicasarbu monicasarbu force-pushed the use_dots_field_in_condition branch from 3ce4f07 to cf3bc65 Compare May 12, 2016 10:36
@monicasarbu monicasarbu force-pushed the use_dots_field_in_condition branch 2 times, most recently from a684b5d to 006a567 Compare May 18, 2016 08:53
# exported event:
# event -> filter1 -> event1 -> filter2 ->event2 ...
# Supported actions: drop_fields, drop_event, include_fields
# filters:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the space in front of the config options which should be uncommented. makes it easy to see difference between config and docs

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good spot. Thanks

@monicasarbu monicasarbu force-pushed the use_dots_field_in_condition branch 2 times, most recently from c6730f2 to 3c34957 Compare May 18, 2016 12:37
@urso
Copy link

urso commented May 18, 2016

LGTM

@monicasarbu
Copy link
Contributor Author

@ruflin I have updated the filters implementation at the Metricbeat module level with the latest changes.

# Supported actions: drop_fields, drop_event, include_fields
#filters:
#- drop_fields:
# equals:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if the indentation will be correct, if someone removes all 4 # here? I think one more space for the last 3 is needed?

@monicasarbu monicasarbu force-pushed the use_dots_field_in_condition branch from b0fb996 to 9779a43 Compare May 19, 2016 09:06
@tsg tsg merged commit 234c177 into elastic:master May 19, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants