Skip to content

Commit

Permalink
Use log.source.address instead of log.source.ip for network inputs (#…
Browse files Browse the repository at this point in the history
…9487)

Sources for network inputs can be of the form host:port, what cannot be
stored in ip fields, use the address field instead.
  • Loading branch information
jsoriano authored Dec 14, 2018

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent d68ecb8 commit 08b0b9f
Showing 11 changed files with 18 additions and 15 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.asciidoc
Original file line number Diff line number Diff line change
@@ -62,6 +62,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha1...master[Check the HEAD d
- Don't generate incomplete configurations when logs collection is disabled by hints. {pull}9305[9305]
- Stop runners disabled by hints after previously being started. {pull}9305[9305]
- Fix saved objects in filebeat haproxy dashboard. {pull}9417[9417]
- Use `log.source.address` instead of `log.source.ip` for network input sources. {pull}9487[9487]

*Heartbeat*

4 changes: 3 additions & 1 deletion dev-tools/ecs-migration.yml
Original file line number Diff line number Diff line change
@@ -29,7 +29,9 @@
alias: true

- from: source
to: ["log.file.path", "log.source.ip"]
to:
- log.file.path
- log.source.address
alias: false

- from: beat.name
6 changes: 3 additions & 3 deletions filebeat/_meta/fields.common.yml
Original file line number Diff line number Diff line change
@@ -11,11 +11,11 @@
The file from which the line was read. This field contains the absolute path to the file.
For example: `/var/log/system.log`.
- name: log.source.ip
type: ip
- name: log.source.address
type: keyword
required: false
description: >
Source IP from which the log event was read / sent from.
Source address from which the log event was read / sent from.
- name: log.offset
type: long
6 changes: 3 additions & 3 deletions filebeat/docs/fields.asciidoc
Original file line number Diff line number Diff line change
@@ -5667,14 +5667,14 @@ The file from which the line was read. This field contains the absolute path to
--
*`log.source.ip`*::
*`log.source.address`*::
+
--
type: ip
type: keyword
required: False
Source IP from which the log event was read / sent from.
Source address from which the log event was read / sent from.
--
2 changes: 1 addition & 1 deletion filebeat/include/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion filebeat/input/syslog/input.go
Original file line number Diff line number Diff line change
@@ -205,7 +205,7 @@ func createEvent(ev *event, metadata inputsource.NetworkMetadata, timezone *time
"message": strings.TrimRight(ev.Message(), "\n"),
"log": common.MapStr{
"source": common.MapStr{
"ip": metadata.RemoteAddr.String(),
"address": metadata.RemoteAddr.String(),
},
},
}
4 changes: 2 additions & 2 deletions filebeat/input/syslog/input_test.go
Original file line number Diff line number Diff line change
@@ -42,7 +42,7 @@ func TestWhenPriorityIsSet(t *testing.T) {
expected := common.MapStr{
"log": common.MapStr{
"source": common.MapStr{
"ip": "127.0.0.1",
"address": "127.0.0.1",
},
},
"message": "hello world",
@@ -75,7 +75,7 @@ func TestWhenPriorityIsNotSet(t *testing.T) {
expected := common.MapStr{
"log": common.MapStr{
"source": common.MapStr{
"ip": "127.0.0.1",
"address": "127.0.0.1",
},
},
"message": "hello world",
2 changes: 1 addition & 1 deletion filebeat/input/tcp/input.go
Original file line number Diff line number Diff line change
@@ -133,7 +133,7 @@ func createEvent(raw []byte, metadata inputsource.NetworkMetadata) *util.Data {
"message": string(raw),
"log": common.MapStr{
"source": common.MapStr{
"ip": metadata.RemoteAddr.String(),
"address": metadata.RemoteAddr.String(),
},
},
},
2 changes: 1 addition & 1 deletion filebeat/input/tcp/input_test.go
Original file line number Diff line number Diff line change
@@ -42,6 +42,6 @@ func TestCreateEvent(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, string(message), m)

from, _ := event.GetValue("log.source.ip")
from, _ := event.GetValue("log.source.address")
assert.Equal(t, ip, from)
}
2 changes: 1 addition & 1 deletion filebeat/input/udp/input.go
Original file line number Diff line number Diff line change
@@ -76,7 +76,7 @@ func NewInput(
"message": string(data),
"log": common.MapStr{
"source": common.MapStr{
"ip": metadata.RemoteAddr.String(),
"address": metadata.RemoteAddr.String(),
},
},
},
2 changes: 1 addition & 1 deletion filebeat/tests/system/test_syslog.py
Original file line number Diff line number Diff line change
@@ -100,4 +100,4 @@ def assert_syslog(self, syslog):
assert syslog["syslog.priority"] == 13
assert syslog["syslog.severity_label"] == "Notice"
assert syslog["syslog.facility_label"] == "user-level"
assert len(syslog["log.source.ip"]) > 0
assert len(syslog["log.source.address"]) > 0

0 comments on commit 08b0b9f

Please sign in to comment.