-
Notifications
You must be signed in to change notification settings - Fork 456
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ecs logs integration #2972
Ecs logs integration #2972
Conversation
💔 Build Failed
Expand to view the summary
Build stats
Steps errorsExpand to view the steps failures
|
Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as |
Hi! This PR has been stale for a while and we're going to close it as part of our cleanup procedure. We appreciate your contribution and would like to apologize if we have not been able to review it, due to the current heavy load of the team. Feel free to re-open this PR if you think it should stay open and is worth rebasing. Thank you for your contribution! |
What does this PR do?
ECS Logs
integration aiming at simplifying the life of users who want to ingest a log file that's produced by one of our ECS logging libraries.logfile
input (should usefilestream
later)stackTraceAsArray
setting of ecs-logging-java.gz
files by default from file patterns that include a wildcard at the end to match rolled over files. Example:app.log
,app.log.1
,app.log.2.gz
logs-ecs_router-default
data streamlogs-${data_stream.dataset:generic}-${data_stream.namespace:default}
. So if the logs containdata_stream.dataset: foo
(orevent.dataset: foo
), they will be sent tologs-foo-default
.Checklist
changelog.yml
file.TODOs/open questions
filestream
instead oflogfile
inputstackTraceAsArray
option (if line does not start with{
).gz
Blocked by
Follow ups
foo
foo.bar
(foo used both as scalar and object type). https://github.com/elastic/observability-dev/issues/1661Author's Checklist
How to test this PR locally
Related issues
Screenshots