Adding the event.action field #26

Merged
merged 3 commits into from
Jun 22, 2018
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -165,6 +165,7 @@ The event fields are used for context information about the data itself.
| <a name="event.id"></a>`event.id` | Unique ID to describe the event. | keyword | | `8a4f500d` |
| <a name="event.category"></a>`event.category` | Event category.<br/>This can be a user defined category. | keyword | | `metrics` |
| <a name="event.type"></a>`event.type` | A type given to this kind of event which can be used for grouping.<br/>This is normally defined by the user. | keyword | | `nginx-stats-metrics` |
| <a name="event.action"></a>`event.action` | The action taken by the event.<br/>This is normally defined by the user. | keyword | | `reject` |
| <a name="event.module"></a>`event.module` | Name of the module this data is coming from.<br/>This information is coming from the modules used in Beats or Logstash. | keyword | | `mysql` |
| <a name="event.dataset"></a>`event.dataset` | Name of the dataset.<br/>The concept of a `dataset` (fileset / metricset) is used in Beats as a subset of modules. It contains the information which is currently stored in metricset.name and metricset.module or fileset.name. | keyword | | `stats` |
| <a name="event.severity"></a>`event.severity` | Severity describes the severity of the event. What the different severity values mean can very different between use cases. It's up to the implementer to make sure severities are consistent across events. | long | | `7` |
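
Review bot: In the added `event.action` row, "The action taken by the event" reads as though the event itself acts, and the second sentence is the same "This is normally defined by the user." used for `event.type` in the row above, so the table gives no way to tell the two fields apart. Suggest wording such as "The action captured by the event" plus one sentence on how it differs from `event.type` and `event.category`.
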
1 change: 1 addition & 0 deletions schema.csv
Expand Up @@ -37,6 +37,7 @@ device.version,keyword,0,
error.code,keyword,0,
error.id,keyword,0,
error.message,text,0,
event.action,keyword,0,reject
event.category,keyword,0,metrics
event.created,date,0,
event.dataset,keyword,0,stats
8 changes: 8 additions & 0 deletions schemas/event.yml
Expand Up @@ -27,6 +27,14 @@
This is normally defined by the user.
example: nginx-stats-metrics

- name: action
type: keyword
description: >
The action taken by the event.

This is normally defined by the user.
Contributor

Could you add a use case example here, like one of the examples discussed in #21?

example: reject

- name: module
type: keyword
description: >
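
Review bot: The new `action` entry documents a user-defined field with the single value `example: reject` and says nothing about what other values are expected, so two producers can record the same outcome under different terms. Suggest the description either lists a few representative values next to `reject` or states outright that the field is free-form, so consumers know whether they can filter on a fixed set.
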
4 changes: 4 additions & 0 deletions template.json
Expand Up @@ -204,6 +204,10 @@
},
"event": {
"properties": {
"action": {
"ignore_above": 1024,
"type": "keyword"
},
"category": {
"ignore_above": 1024,
"type": "keyword"
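
Review bot: The added `"action"` mapping is a plain `keyword` with only `ignore_above` set, so matching is exact and case-sensitive: `reject` and `Reject` would land in separate terms for filters and aggregations, which matters for a user-defined value that alerting queries are likely to key on. Suggest either documenting a lowercase convention for this field or adding a lowercasing normalizer to the mapping. Values longer than the `"ignore_above": 1024` limit will also not be indexed, which is consistent with `"category"` below but worth stating in the field description.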