From 89c1ac86f7886cd0eea9561d25f33b0aeca2cc0a Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Mon, 16 Sep 2019 16:35:46 +0200 Subject: [PATCH 1/6] Add log.source fields --- CHANGELOG.next.md | 1 + code/go/ecs/log.go | 9 +++++++ docs/field-details.asciidoc | 33 +++++++++++++++++++++++++ generated/beats/fields.ecs.yml | 17 +++++++++++++ generated/csv/fields.csv | 3 +++ generated/ecs/ecs_flat.yml | 29 ++++++++++++++++++++++ generated/ecs/ecs_nested.yml | 29 ++++++++++++++++++++++ generated/elasticsearch/6/template.json | 15 +++++++++++ generated/elasticsearch/7/template.json | 15 +++++++++++ generated/legacy/template.json | 15 +++++++++++ schema.json | 30 ++++++++++++++++++++++ schemas/log.yml | 25 +++++++++++++++++++ 12 files changed, 221 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index edc5cf66f4..67889ffaa3 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -10,6 +10,7 @@ Thanks, you're awesome :-) --> ### Bugfixes ### Added +* Added `log.source.file`, `log.source.function` and `log.source.line` fields. #TODO ### Improvements diff --git a/code/go/ecs/log.go b/code/go/ecs/log.go index 492319a8b8..0d4b7a5f1b 100644 --- a/code/go/ecs/log.go +++ b/code/go/ecs/log.go @@ -38,4 +38,13 @@ type Log struct { // The name of the logger inside an application. This is usually the name // of the class which initialized the logger, or can be a custom name. Logger string `ecs:"logger"` + + // The name of the source file which originated the log event. + SourceFile string `ecs:"source.file"` + + // The name of the function or method which originated the log event. + SourceFunction string `ecs:"source.function"` + + // The line number of the file which originated the log event. + SourceLine int32 `ecs:"source.line"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index c9366c1a9b..95eaf2d4ef 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc 
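Review bot: The comment added above `SourceFile` in the `Log` struct, "The name of the source file which originated the log event", does not say that this is the file containing the source code rather than the log file being read, nor whether a bare file name or a full path is expected. The example `Bootstrap.java` in the other hunks suggests a bare name; full build-time paths would put directory layout and possibly user names into every event, and the generated mappings set `ignore_above: 1024`, so longer values would not be indexed. Assuming a bare name is intended, I would word it as `// The name of the file containing the source code which originated the log event (base name, not a path; this is not the name of the log file).` The same sentence is the `description` in the schemas/log.yml hunk and survives the later renames to `origin.file` and `origin.file.name`, so the wording probably needs to change in the schema as well. The struct begins outside this hunk.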
@@ -2113,6 +2113,39 @@ example: `Sep 19 08:26:10 localhost My log` // =============================================================== +| log.source.file +| The name of the source file which originated the log event. + +type: keyword + +example: `Bootstrap.java` + +| core + +// =============================================================== + +| log.source.function +| The name of the function or method which originated the log event. + +type: keyword + +example: `init` + +| core + +// =============================================================== + +| log.source.line +| The line number of the file which originated the log event. + +type: integer + +example: `42` + +| core + +// =============================================================== + |===== [[ecs-network]] diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index a0656ab401..26662d5d7c 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -1577,6 +1577,23 @@ This field is not indexed and doc_values are disabled so it can''t be queried but the value can be retrieved from `_source`.' example: Sep 19 08:26:10 localhost My log + - name: source.file + level: core + type: keyword + ignore_above: 1024 + description: The name of the source file which originated the log event. + example: Bootstrap.java + - name: source.function + level: core + type: keyword + ignore_above: 1024 + description: The name of the function or method which originated the log event. + example: init + - name: source.line + level: core + type: integer + description: The line number of the file which originated the log event. + example: 42 - name: network title: Network group: 2 diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 3bce47e736..b3b284e285 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -199,6 +199,9 @@ http.version,keyword,extended,1.1,1.2.0-dev log.level,keyword,core,err,1.2.0-dev log.logger,keyword,core,org.elasticsearch.bootstrap.Bootstrap,1.2.0-dev log.original,keyword,core,Sep 19 08:26:10 localhost My log,1.2.0-dev +log.source.file,keyword,core,Bootstrap.java,1.2.0-dev +log.source.function,keyword,core,init,1.2.0-dev +log.source.line,integer,core,42,1.2.0-dev network.application,keyword,extended,aim,1.2.0-dev network.bytes,long,core,368,1.2.0-dev network.community_id,keyword,extended,1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=,1.2.0-dev diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 54cf0ca76a..f43323e12a 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -2237,6 +2237,35 @@ log.original: order: 1 short: Original log message with light interpretation only (encoding, newlines). type: keyword +log.source.file: + description: The name of the source file which originated the log event. + example: Bootstrap.java + flat_name: log.source.file + ignore_above: 1024 + level: core + name: source.file + order: 3 + short: The file which originated the log event. + type: keyword +log.source.function: + description: The name of the function or method which originated the log event. + example: init + flat_name: log.source.function + ignore_above: 1024 + level: core + name: source.function + order: 4 + short: The function which originated the log event. + type: keyword +log.source.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.source.line + level: core + name: source.line + order: 5 + short: The line number of the file which originated the log event. + type: integer message: description: 'For log events the message field contains the log message, optimized for viewing in a log viewer. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 24d1686bbe..e56f19627b 100644 --- a/generated/ecs/ecs_nested.yml 
+++ b/generated/ecs/ecs_nested.yml @@ -2542,6 +2542,35 @@ log: order: 1 short: Original log message with light interpretation only (encoding, newlines). type: keyword + source.file: + description: The name of the source file which originated the log event. + example: Bootstrap.java + flat_name: log.source.file + ignore_above: 1024 + level: core + name: source.file + order: 3 + short: The file which originated the log event. + type: keyword + source.function: + description: The name of the function or method which originated the log event. + example: init + flat_name: log.source.function + ignore_above: 1024 + level: core + name: source.function + order: 4 + short: The function which originated the log event. + type: keyword + source.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.source.line + level: core + name: source.line + order: 5 + short: The line number of the file which originated the log event. + type: integer group: 2 name: log prefix: log. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index ebd7821c2f..0f0a659267 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -945,6 +945,21 @@ "ignore_above": 1024, "index": false, "type": "keyword" + }, + "source": { + "properties": { + "file": { + "ignore_above": 1024, + "type": "keyword" + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + }, + "line": { + "type": "integer" + } + } } } }, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 6ddcb32921..8fc82e0526 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json 
@@ -944,6 +944,21 @@ "ignore_above": 1024, "index": false, "type": "keyword" + }, + "source": { + "properties": { + "file": { + "ignore_above": 1024, + "type": "keyword" + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + }, + "line": { + "type": "integer" + } + } } } }, diff --git a/generated/legacy/template.json b/generated/legacy/template.json index 0e6cab1b38..568d274306 100644 --- a/generated/legacy/template.json +++ b/generated/legacy/template.json @@ -643,6 +643,21 @@ "ignore_above": 1024, "index": false, "type": "keyword" + }, + "source": { + "properties": { + "file": { + "ignore_above": 1024, + "type": "keyword" + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + }, + "line": { + "type": "long" + } + } } } }, diff --git a/schema.json b/schema.json index 97863730c7..94c0916a63 100644 --- a/schema.json +++ b/schema.json @@ -1534,6 +1534,36 @@ "name": "log.original", "required": false, "type": "(not indexed)" + }, + "log.source.file": { + "description": "The name of the source file which originated the log event.", + "example": "Bootstrap.java", + "footnote": "", + "group": 2, + "level": "core", + "name": "log.source.file", + "required": false, + "type": "keyword" + }, + "log.source.function": { + "description": "The name of the function or method which originated the log event.", + "example": "init", + "footnote": "", + "group": 2, + "level": "core", + "name": "log.source.function", + "required": false, + "type": "keyword" + }, + "log.source.line": { + "description": "The line number of the file which originated the log event.", + "example": "42", + "footnote": "", + "group": 2, + "level": "core", + "name": "log.source.line", + "required": false, + "type": "integer" } }, "group": 2, diff --git a/schemas/log.yml b/schemas/log.yml index 3bc05c30a2..19a56d3344 100644 --- a/schemas/log.yml +++ b/schemas/log.yml 
@@ -43,3 +43,28 @@ short: Name of the logger. description: > The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. + + - name: source.file + level: core + type: keyword + example: Bootstrap.java + short: The file which originated the log event. + description: > + The name of the source file which originated the log event. + + - name: source.function + level: core + type: keyword + example: init + short: The function which originated the log event. + description: > + The name of the function or method which originated the log event. + + - name: source.line + level: core + type: integer + example: 42 + short: The line number of the file which originated the log event. + description: > + The line number of the file which originated the log event. + From 3d0c917bbbc34c63448f40a10689654c235e3015 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Mon, 16 Sep 2019 16:43:56 +0200 Subject: [PATCH 2/6] Update PR number in changelog --- CHANGELOG.next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 67889ffaa3..678ee5b9f7 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -10,7 +10,7 @@ Thanks, you're awesome :-) --> ### Bugfixes ### Added -* Added `log.source.file`, `log.source.function` and `log.source.line` fields. #TODO +* Added `log.source.file`, `log.source.function` and `log.source.line` fields. #563 ### Improvements From 60b1ee11cbc66c2304d34d681b53fffa7288dc7a Mon Sep 17 00:00:00 2001 
From: Felix Barnsteiner Date: Tue, 17 Sep 2019 11:07:00 +0200 Subject: [PATCH 3/6] Rename source to origin --- CHANGELOG.next.md | 2 +- code/go/ecs/log.go | 6 +-- docs/field-details.asciidoc | 36 +++++++-------- generated/beats/fields.ecs.yml | 34 +++++++-------- generated/csv/fields.csv | 6 +-- generated/ecs/ecs_flat.yml | 58 ++++++++++++------------- generated/ecs/ecs_nested.yml | 58 ++++++++++++------------- generated/elasticsearch/6/template.json | 14 +++--- generated/elasticsearch/7/template.json | 14 +++--- generated/legacy/template.json | 14 +++--- schema.json | 32 +++++++------- schemas/log.yml | 6 +-- 12 files changed, 140 insertions(+), 140 deletions(-) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 678ee5b9f7..211636b1ef 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -10,7 +10,7 @@ Thanks, you're awesome :-) --> ### Bugfixes ### Added -* Added `log.source.file`, `log.source.function` and `log.source.line` fields. #563 +* Added `log.origin.file`, `log.origin.function` and `log.origin.line` fields. #563 ### Improvements diff --git a/code/go/ecs/log.go b/code/go/ecs/log.go index 0d4b7a5f1b..86793452e9 100644 --- a/code/go/ecs/log.go +++ b/code/go/ecs/log.go @@ -40,11 +40,11 @@ type Log struct { Logger string `ecs:"logger"` // The name of the source file which originated the log event. - SourceFile string `ecs:"source.file"` + OriginFile string `ecs:"origin.file"` // The name of the function or method which originated the log event. - SourceFunction string `ecs:"source.function"` + OriginFunction string `ecs:"origin.function"` // The line number of the file which originated the log event. - SourceLine int32 `ecs:"source.line"` + OriginLine int32 `ecs:"origin.line"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 95eaf2d4ef..7f14ed6dce 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc 
@@ -2098,22 +2098,7 @@ example: `org.elasticsearch.bootstrap.Bootstrap` // =============================================================== -| log.original -| This is the original log message and contains the full log message before splitting it up in multiple parts. - -In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. - -This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. - -type: keyword - -example: `Sep 19 08:26:10 localhost My log` - -| core - -// =============================================================== - -| log.source.file +| log.origin.file | The name of the source file which originated the log event. type: keyword @@ -2124,7 +2109,7 @@ example: `Bootstrap.java` // =============================================================== -| log.source.function +| log.origin.function | The name of the function or method which originated the log event. type: keyword @@ -2135,7 +2120,7 @@ example: `init` // =============================================================== -| log.source.line +| log.origin.line | The line number of the file which originated the log event. type: integer 
@@ -2146,6 +2131,21 @@ example: `42` // =============================================================== +| log.original +| This is the original log message and contains the full log message before splitting it up in multiple parts. + +In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. + +This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. + +type: keyword + +example: `Sep 19 08:26:10 localhost My log` + +| core + +// =============================================================== + |===== [[ecs-network]] diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 26662d5d7c..491baabe9f 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -1562,6 +1562,23 @@ description: The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. example: org.elasticsearch.bootstrap.Bootstrap + - name: origin.file + level: core + type: keyword + ignore_above: 1024 + description: The name of the source file which originated the log event. + example: Bootstrap.java + - name: origin.function + level: core + type: keyword + ignore_above: 1024 + description: The name of the function or method which originated the log event. + example: init + - name: origin.line + level: core + type: integer + description: The line number of the file which originated the log event. + example: 42 - name: original level: core type: keyword 
@@ -1577,23 +1594,6 @@ This field is not indexed and doc_values are disabled so it can''t be queried but the value can be retrieved from `_source`.' example: Sep 19 08:26:10 localhost My log - - name: source.file - level: core - type: keyword - ignore_above: 1024 - description: The name of the source file which originated the log event. - example: Bootstrap.java - - name: source.function - level: core - type: keyword - ignore_above: 1024 - description: The name of the function or method which originated the log event. - example: init - - name: source.line - level: core - type: integer - description: The line number of the file which originated the log event. - example: 42 - name: network title: Network group: 2 diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index b3b284e285..e7e98c9b47 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -198,10 +198,10 @@ http.response.status_code,long,extended,404,1.2.0-dev http.version,keyword,extended,1.1,1.2.0-dev log.level,keyword,core,err,1.2.0-dev log.logger,keyword,core,org.elasticsearch.bootstrap.Bootstrap,1.2.0-dev +log.origin.file,keyword,core,Bootstrap.java,1.2.0-dev +log.origin.function,keyword,core,init,1.2.0-dev +log.origin.line,integer,core,42,1.2.0-dev log.original,keyword,core,Sep 19 08:26:10 localhost My log,1.2.0-dev -log.source.file,keyword,core,Bootstrap.java,1.2.0-dev -log.source.function,keyword,core,init,1.2.0-dev -log.source.line,integer,core,42,1.2.0-dev network.application,keyword,extended,aim,1.2.0-dev network.bytes,long,core,368,1.2.0-dev network.community_id,keyword,extended,1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=,1.2.0-dev diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index f43323e12a..5887b5443d 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -2216,6 +2216,35 @@ log.logger: order: 2 short: Name of the logger. type: keyword +log.origin.file: + description: The name of the source file which originated the log event. + example: Bootstrap.java + flat_name: log.origin.file + ignore_above: 1024 + level: core + name: origin.file + order: 3 + short: The file which originated the log event. + type: keyword +log.origin.function: + description: The name of the function or method which originated the log event. + example: init + flat_name: log.origin.function + ignore_above: 1024 + level: core + name: origin.function + order: 4 + short: The function which originated the log event. + type: keyword +log.origin.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.origin.line + level: core + name: origin.line + order: 5 + short: The line number of the file which originated the log event. + type: integer log.original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. 
@@ -2237,35 +2266,6 @@ log.original: order: 1 short: Original log message with light interpretation only (encoding, newlines). type: keyword -log.source.file: - description: The name of the source file which originated the log event. - example: Bootstrap.java - flat_name: log.source.file - ignore_above: 1024 - level: core - name: source.file - order: 3 - short: The file which originated the log event. - type: keyword -log.source.function: - description: The name of the function or method which originated the log event. - example: init - flat_name: log.source.function - ignore_above: 1024 - level: core - name: source.function - order: 4 - short: The function which originated the log event. - type: keyword -log.source.line: - description: The line number of the file which originated the log event. - example: 42 - flat_name: log.source.line - level: core - name: source.line - order: 5 - short: The line number of the file which originated the log event. - type: integer message: description: 'For log events the message field contains the log message, optimized for viewing in a log viewer. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index e56f19627b..1fcd4c2dfe 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -2521,6 +2521,35 @@ log: order: 2 short: Name of the logger. type: keyword + origin.file: + description: The name of the source file which originated the log event. + example: Bootstrap.java + flat_name: log.origin.file + ignore_above: 1024 + level: core + name: origin.file + order: 3 + short: The file which originated the log event. + type: keyword + origin.function: + description: The name of the function or method which originated the log event. + example: init + flat_name: log.origin.function + ignore_above: 1024 + level: core + name: origin.function + order: 4 + short: The function which originated the log event. + type: keyword + origin.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.origin.line + level: core + name: origin.line + order: 5 + short: The line number of the file which originated the log event. + type: integer original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. 
@@ -2542,35 +2571,6 @@ log: order: 1 short: Original log message with light interpretation only (encoding, newlines). type: keyword - source.file: - description: The name of the source file which originated the log event. - example: Bootstrap.java - flat_name: log.source.file - ignore_above: 1024 - level: core - name: source.file - order: 3 - short: The file which originated the log event. - type: keyword - source.function: - description: The name of the function or method which originated the log event. - example: init - flat_name: log.source.function - ignore_above: 1024 - level: core - name: source.function - order: 4 - short: The function which originated the log event. - type: keyword - source.line: - description: The line number of the file which originated the log event. - example: 42 - flat_name: log.source.line - level: core - name: source.line - order: 5 - short: The line number of the file which originated the log event. - type: integer group: 2 name: log prefix: log. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 0f0a659267..c84e5e83d8 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -940,13 +940,7 @@ "ignore_above": 1024, "type": "keyword" }, - "original": { - "doc_values": false, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "source": { + "origin": { "properties": { "file": { "ignore_above": 1024, @@ -960,6 +954,12 @@ "type": "integer" } } + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" } } }, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 8fc82e0526..5b2f2d37f5 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json 
@@ -939,13 +939,7 @@ "ignore_above": 1024, "type": "keyword" }, - "original": { - "doc_values": false, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "source": { + "origin": { "properties": { "file": { "ignore_above": 1024, @@ -959,6 +953,12 @@ "type": "integer" } } + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" } } }, diff --git a/generated/legacy/template.json b/generated/legacy/template.json index 568d274306..6885ba69b5 100644 --- a/generated/legacy/template.json +++ b/generated/legacy/template.json @@ -638,13 +638,7 @@ "ignore_above": 1024, "type": "keyword" }, - "original": { - "doc_values": false, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "source": { + "origin": { "properties": { "file": { "ignore_above": 1024, @@ -658,6 +652,12 @@ "type": "long" } } + }, + "original": { + "doc_values": false, + "ignore_above": 1024, + "index": false, + "type": "keyword" } } }, diff --git a/schema.json b/schema.json index 94c0916a63..9d68cfc911 100644 --- a/schema.json +++ b/schema.json 
@@ -1525,45 +1525,45 @@ "required": false, "type": "keyword" }, - "log.original": { - "description": "This is the original log message and contains the full log message before splitting it up in multiple parts.\nIn contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.\nThis field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`.", - "example": "Sep 19 08:26:10 localhost My log", - "footnote": "", - "group": 2, - "level": "core", - "name": "log.original", - "required": false, - "type": "(not indexed)" - }, - "log.source.file": { + "log.origin.file": { "description": "The name of the source file which originated the log event.", "example": "Bootstrap.java", "footnote": "", "group": 2, "level": "core", - "name": "log.source.file", + "name": "log.origin.file", "required": false, "type": "keyword" }, - "log.source.function": { + "log.origin.function": { "description": "The name of the function or method which originated the log event.", "example": "init", "footnote": "", "group": 2, "level": "core", - "name": "log.source.function", + "name": "log.origin.function", "required": false, "type": "keyword" }, - "log.source.line": { + "log.origin.line": { "description": "The line number of the file which originated the log event.", "example": "42", "footnote": "", "group": 2, "level": "core", - "name": "log.source.line", + "name": "log.origin.line", "required": false, "type": "integer" + }, + "log.original": { + "description": "This is the original log message and contains the full log message before splitting it up in multiple parts.\nIn contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. 
It can have already some modifications applied like encoding or new lines removed to clean up the log message.\nThis field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`.", + "example": "Sep 19 08:26:10 localhost My log", + "footnote": "", + "group": 2, + "level": "core", + "name": "log.original", + "required": false, + "type": "(not indexed)" } }, "group": 2, diff --git a/schemas/log.yml b/schemas/log.yml index 19a56d3344..97767bf441 100644 --- a/schemas/log.yml +++ b/schemas/log.yml @@ -44,7 +44,7 @@ description: > The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. - - name: source.file + - name: origin.file level: core type: keyword example: Bootstrap.java @@ -52,7 +52,7 @@ description: > The name of the source file which originated the log event. - - name: source.function + - name: origin.function level: core type: keyword example: init @@ -60,7 +60,7 @@ description: > The name of the function or method which originated the log event. - - name: source.line + - name: origin.line level: core type: integer example: 42 From ea47d83f572b5e9c51513869af7e938379e05c25 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Wed, 18 Sep 2019 14:31:20 +0200 Subject: [PATCH 4/6] Reuse existing file schema for log.origin --- code/go/ecs/log.go | 8 ++++---- docs/field-details.asciidoc | 22 ++++++++++----------- generated/beats/fields.ecs.yml | 12 ++++++------ generated/csv/fields.csv | 4 ++-- generated/ecs/ecs_flat.yml | 26 ++++++++++++------------- generated/ecs/ecs_nested.yml | 26 ++++++++++++------------- generated/elasticsearch/6/template.json | 14 ++++++++----- generated/elasticsearch/7/template.json | 14 ++++++++----- generated/legacy/template.json | 14 ++++++++----- schema.json | 24 +++++++++++------------ schemas/log.yml | 20 +++++++++---------- 11 files changed, 98 insertions(+), 86 deletions(-) 
diff --git a/code/go/ecs/log.go b/code/go/ecs/log.go index 86793452e9..d5498be018 100644 --- a/code/go/ecs/log.go +++ b/code/go/ecs/log.go @@ -40,11 +40,11 @@ type Log struct { Logger string `ecs:"logger"` // The name of the source file which originated the log event. - OriginFile string `ecs:"origin.file"` + OriginFileName string `ecs:"origin.file.name"` + + // The line number of the file which originated the log event. + OriginFileLine int32 `ecs:"origin.file.line"` // The name of the function or method which originated the log event. OriginFunction string `ecs:"origin.function"` - - // The line number of the file which originated the log event. - OriginLine int32 `ecs:"origin.line"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 7f14ed6dce..dd50953b9a 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -2098,34 +2098,34 @@ example: `org.elasticsearch.bootstrap.Bootstrap` // =============================================================== -| log.origin.file -| The name of the source file which originated the log event. +| log.origin.file.line +| The line number of the file which originated the log event. -type: keyword +type: integer -example: `Bootstrap.java` +example: `42` | core // =============================================================== -| log.origin.function -| The name of the function or method which originated the log event. +| log.origin.file.name +| The name of the source file which originated the log event. type: keyword -example: `init` +example: `Bootstrap.java` | core // =============================================================== -| log.origin.line -| The line number of the file which originated the log event. +| log.origin.function +| The name of the function or method which originated the log event. -type: integer +type: keyword -example: `42` +example: `init` | core diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 491baabe9f..c23321cf9b 100644 
--- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -1562,7 +1562,12 @@ description: The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. example: org.elasticsearch.bootstrap.Bootstrap - - name: origin.file + - name: origin.file.line + level: core + type: integer + description: The line number of the file which originated the log event. + example: 42 + - name: origin.file.name level: core type: keyword ignore_above: 1024 @@ -1574,11 +1579,6 @@ ignore_above: 1024 description: The name of the function or method which originated the log event. example: init - - name: origin.line - level: core - type: integer - description: The line number of the file which originated the log event. - example: 42 - name: original level: core type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index e7e98c9b47..c8eb574207 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -198,9 +198,9 @@ http.response.status_code,long,extended,404,1.2.0-dev http.version,keyword,extended,1.1,1.2.0-dev log.level,keyword,core,err,1.2.0-dev log.logger,keyword,core,org.elasticsearch.bootstrap.Bootstrap,1.2.0-dev -log.origin.file,keyword,core,Bootstrap.java,1.2.0-dev +log.origin.file.line,integer,core,42,1.2.0-dev +log.origin.file.name,keyword,core,Bootstrap.java,1.2.0-dev log.origin.function,keyword,core,init,1.2.0-dev -log.origin.line,integer,core,42,1.2.0-dev log.original,keyword,core,Sep 19 08:26:10 localhost My log,1.2.0-dev network.application,keyword,extended,aim,1.2.0-dev network.bytes,long,core,368,1.2.0-dev diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 5887b5443d..42314c620d 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -2216,13 +2216,22 @@ log.logger: order: 2 short: Name of the logger. type: keyword -log.origin.file: +log.origin.file.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.origin.file.line + level: core + name: origin.file.line + order: 4 + short: The line number of the file which originated the log event. + type: integer +log.origin.file.name: description: The name of the source file which originated the log event. example: Bootstrap.java - flat_name: log.origin.file + flat_name: log.origin.file.name ignore_above: 1024 level: core - name: origin.file + name: origin.file.name order: 3 short: The file which originated the log event. type: keyword @@ -2233,18 +2242,9 @@ log.origin.function: ignore_above: 1024 level: core name: origin.function - order: 4 + order: 5 short: The function which originated the log event. type: keyword -log.origin.line: - description: The line number of the file which originated the log event. - example: 42 - flat_name: log.origin.line - level: core - name: origin.line - order: 5 - short: The line number of the file which originated the log event. - type: integer log.original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 1fcd4c2dfe..909f3e0eb1 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -2521,13 +2521,22 @@ log: order: 2 short: Name of the logger. type: keyword - origin.file: + origin.file.line: + description: The line number of the file which originated the log event. + example: 42 + flat_name: log.origin.file.line + level: core + name: origin.file.line + order: 4 + short: The line number of the file which originated the log event. + type: integer + origin.file.name: description: The name of the source file which originated the log event. example: Bootstrap.java - flat_name: log.origin.file + flat_name: log.origin.file.name ignore_above: 1024 level: core - name: origin.file + name: origin.file.name order: 3 short: The file which originated the log event. type: keyword @@ -2538,18 +2547,9 @@ log: ignore_above: 1024 level: core name: origin.function - order: 4 + order: 5 short: The function which originated the log event. type: keyword - origin.line: - description: The line number of the file which originated the log event. - example: 42 - flat_name: log.origin.line - level: core - name: origin.line - order: 5 - short: The line number of the file which originated the log event. - type: integer original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index c84e5e83d8..6371017d11 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -943,15 +943,19 @@ "origin": { "properties": { "file": { - "ignore_above": 1024, - "type": "keyword" + "properties": { + "line": { + "type": "integer" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } }, "function": { "ignore_above": 1024, "type": "keyword" - }, - "line": { - "type": "integer" } } }, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 5b2f2d37f5..d887c5082b 100644 --- a/generated/elasticsearch/7/template.json 
+++ b/generated/elasticsearch/7/template.json @@ -942,15 +942,19 @@ "origin": { "properties": { "file": { - "ignore_above": 1024, - "type": "keyword" + "properties": { + "line": { + "type": "integer" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } }, "function": { "ignore_above": 1024, "type": "keyword" - }, - "line": { - "type": "integer" } } }, diff --git a/generated/legacy/template.json b/generated/legacy/template.json index 6885ba69b5..8e53e9d8e3 100644 --- a/generated/legacy/template.json +++ b/generated/legacy/template.json @@ -641,15 +641,19 @@ "origin": { "properties": { "file": { - "ignore_above": 1024, - "type": "keyword" + "properties": { + "line": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } }, "function": { "ignore_above": 1024, "type": "keyword" - }, - "line": { - "type": "long" } } }, diff --git a/schema.json b/schema.json index 9d68cfc911..afe068950d 100644 --- a/schema.json +++ b/schema.json @@ -1525,13 +1525,23 @@ "required": false, "type": "keyword" }, - "log.origin.file": { + "log.origin.file.line": { + "description": "The line number of the file which originated the log event.", + "example": "42", + "footnote": "", + "group": 2, + "level": "core", + "name": "log.origin.file.line", + "required": false, + "type": "integer" + }, + "log.origin.file.name": { "description": "The name of the source file which originated the log event.", "example": "Bootstrap.java", "footnote": "", "group": 2, "level": "core", - "name": "log.origin.file", + "name": "log.origin.file.name", "required": false, "type": "keyword" }, 
@@ -1545,16 +1555,6 @@ "required": false, "type": "keyword" }, - "log.origin.line": { - "description": "The line number of the file which originated the log event.", - "example": "42", - "footnote": "", - "group": 2, - "level": "core", - "name": "log.origin.line", - "required": false, - "type": "integer" - }, "log.original": { "description": "This is the original log message and contains the full log message before splitting it up in multiple parts.\nIn contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.\nThis field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`.", "example": "Sep 19 08:26:10 localhost My log", diff --git a/schemas/log.yml b/schemas/log.yml index 97767bf441..36a8fe8d6f 100644 --- a/schemas/log.yml +++ b/schemas/log.yml @@ -44,7 +44,7 @@ description: > The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. - - name: origin.file + - name: origin.file.name level: core type: keyword example: Bootstrap.java @@ -52,15 +52,7 @@ description: > The name of the source file which originated the log event. - - name: origin.function - level: core - type: keyword - example: init - short: The function which originated the log event. - description: > - The name of the function or method which originated the log event. - - - name: origin.line + - name: origin.file.line level: core type: integer example: 42 @@ -68,3 +60,11 @@ description: > The line number of the file which originated the log event. + - name: origin.function + level: core + type: keyword + example: init + short: The function which originated the log event. + description: > + The name of the function or method which originated the log event. + 
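Review bot: In schemas/log.yml, the hunk at `@@ -52,15 +52,7 @@` renames `origin.line` to `origin.file.line` but the field keeps the description `The line number of the file which originated the log event.`, which reads as if the file itself had a line number. Now that the field sits under `origin.file`, a wording such as `The line number within the source file at which the log event originated.` would be clearer. The generated `ecs_flat.yml` shows the same sentence used as `short`, so both would change and the generated artifacts would need regenerating. The `short:` line for this field falls between the hunks of schemas/log.yml and is not visible here.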
From 75c32b4461777c21aaae595517f0fd7e1bcf195a Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Thu, 19 Sep 2019 10:59:35 +0200 Subject: [PATCH 5/6] Adjust changelog --- CHANGELOG.next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 211636b1ef..4be6566d18 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -10,7 +10,7 @@ Thanks, you're awesome :-) --> ### Bugfixes ### Added -* Added `log.origin.file`, `log.origin.function` and `log.origin.line` fields. #563 +* Added `log.origin.file.name`, `log.origin.function` and `log.origin.file.line` fields. #563 ### Improvements From f2a19d3c90bf8ca7f5c5f30c16755fe1bda572a6 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Thu, 19 Sep 2019 11:31:39 +0200 Subject: [PATCH 6/6] Make fields extended --- docs/field-details.asciidoc | 6 +++--- generated/beats/fields.ecs.yml | 6 +++--- generated/csv/fields.csv | 6 +++--- generated/ecs/ecs_flat.yml | 6 +++--- generated/ecs/ecs_nested.yml | 6 +++--- schema.json | 6 +++--- schemas/log.yml | 6 +++--- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index dd50953b9a..b6a0f5c93a 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -2105,7 +2105,7 @@ type: integer example: `42` -| core +| extended // =============================================================== @@ -2116,7 +2116,7 @@ type: keyword example: `Bootstrap.java` -| core +| extended // =============================================================== @@ -2127,7 +2127,7 @@ type: keyword example: `init` -| core +| extended // =============================================================== diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index c23321cf9b..85e57b71d2 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -1563,18 +1563,18 @@ name of the class which initialized the logger, or can be a custom name. example: org.elasticsearch.bootstrap.Bootstrap - name: origin.file.line - level: core + level: extended type: integer description: The line number of the file which originated the log event. example: 42 - name: origin.file.name - level: core + level: extended type: keyword ignore_above: 1024 description: The name of the source file which originated the log event. example: Bootstrap.java - name: origin.function - level: core + level: extended type: keyword ignore_above: 1024 description: The name of the function or method which originated the log event. diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index c8eb574207..5f2abc57cd 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -198,9 +198,9 @@ http.response.status_code,long,extended,404,1.2.0-dev http.version,keyword,extended,1.1,1.2.0-dev log.level,keyword,core,err,1.2.0-dev log.logger,keyword,core,org.elasticsearch.bootstrap.Bootstrap,1.2.0-dev -log.origin.file.line,integer,core,42,1.2.0-dev -log.origin.file.name,keyword,core,Bootstrap.java,1.2.0-dev -log.origin.function,keyword,core,init,1.2.0-dev +log.origin.file.line,integer,extended,42,1.2.0-dev +log.origin.file.name,keyword,extended,Bootstrap.java,1.2.0-dev +log.origin.function,keyword,extended,init,1.2.0-dev log.original,keyword,core,Sep 19 08:26:10 localhost My log,1.2.0-dev network.application,keyword,extended,aim,1.2.0-dev network.bytes,long,core,368,1.2.0-dev diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 42314c620d..1a48649151 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -2220,7 +2220,7 @@ log.origin.file.line: description: The line number of the file which originated the log event. example: 42 flat_name: log.origin.file.line - level: core + level: extended name: origin.file.line order: 4 short: The line number of the file which originated the log event. 
@@ -2230,7 +2230,7 @@ log.origin.file.name: example: Bootstrap.java flat_name: log.origin.file.name ignore_above: 1024 - level: core + level: extended name: origin.file.name order: 3 short: The file which originated the log event. @@ -2240,7 +2240,7 @@ log.origin.function: example: init flat_name: log.origin.function ignore_above: 1024 - level: core + level: extended name: origin.function order: 5 short: The function which originated the log event. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 909f3e0eb1..226396d65c 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -2525,7 +2525,7 @@ log: description: The line number of the file which originated the log event. example: 42 flat_name: log.origin.file.line - level: core + level: extended name: origin.file.line order: 4 short: The line number of the file which originated the log event. @@ -2535,7 +2535,7 @@ log: example: Bootstrap.java flat_name: log.origin.file.name ignore_above: 1024 - level: core + level: extended name: origin.file.name order: 3 short: The file which originated the log event. @@ -2545,7 +2545,7 @@ log: example: init flat_name: log.origin.function ignore_above: 1024 - level: core + level: extended name: origin.function order: 5 short: The function which originated the log event. diff --git a/schema.json b/schema.json index afe068950d..2bd3d97de2 100644 --- a/schema.json +++ b/schema.json @@ -1530,7 +1530,7 @@ "example": "42", "footnote": "", "group": 2, - "level": "core", + "level": "extended", "name": "log.origin.file.line", "required": false, "type": "integer" @@ -1540,7 +1540,7 @@ "example": "Bootstrap.java", "footnote": "", "group": 2, - "level": "core", + "level": "extended", "name": "log.origin.file.name", "required": false, "type": "keyword" @@ -1550,7 +1550,7 @@ "example": "init", "footnote": "", "group": 2, - "level": "core", + "level": "extended", "name": "log.origin.function", "required": false, "type": "keyword" 
diff --git a/schemas/log.yml b/schemas/log.yml index 36a8fe8d6f..cd7ead5de3 100644 --- a/schemas/log.yml +++ b/schemas/log.yml @@ -45,7 +45,7 @@ The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. - name: origin.file.name - level: core + level: extended type: keyword example: Bootstrap.java short: The file which originated the log event. @@ -53,7 +53,7 @@ The name of the source file which originated the log event. - name: origin.file.line - level: core + level: extended type: integer example: 42 short: The line number of the file which originated the log event. @@ -61,7 +61,7 @@ The line number of the file which originated the log event. - name: origin.function - level: core + level: extended type: keyword example: init short: The function which originated the log event.
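Review bot: The `short` text kept for `origin.file.name` in the `@@ -45,7 +45,7 @@` hunk, `The file which originated the log event.`, can be read as the log file the event was collected from rather than the source-code file that emitted it. Because the field lives in the `log` field set, that ambiguity matters to anyone writing queries or detections against it. I would change it to `short: The source file which originated the log event.` and have the description say explicitly that this is not the log file. It would also help to state whether a bare file name (as in the example `Bootstrap.java`) or a full path is expected, since the value is supplied by the emitting application and a path could presumably expose build-host directory names. The description line for this field lies just past the end of the hunk.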