Skip to content

Commit

Permalink
Rename log.message to log.original
Browse files Browse the repository at this point in the history
log.message was confused with message. To bring it in line with #102 the field log.message was renamed to log.original.
  • Loading branch information
ruflin committed Aug 28, 2018
1 parent 21c5b0f commit c306a6d
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 10 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file based on the
* Change structure of URL. #7
* Rename `url.href` `multi_field`. #18
* Rename `geoip.*` to `geo`.
* Rename log.message to log.original. #92

### Bugfixes

Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -276,7 +276,7 @@ Fields which are specific to log events.
| <a name="log.level"></a>log.level | Log level of the log event.<br/>Some examples are `WARN`, `ERR`, `INFO`. | keyword | | `ERR` |
| <a name="log.line"></a>log.line | Line number the log event was collected from. | long | | `18` |
| <a name="log.offset"></a>log.offset | Offset of the beginning of the log event. | long | | `12` |
| <a name="log.message"></a>log.message | This is the log message and contains the full log message before splitting it up in multiple parts.<br/>In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.<br/>This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. | keyword | | `Sep 19 08:26:10 localhost My log` |
| <a name="log.original"></a>log.original | This is the original log message and contains the full log message before splitting it up in multiple parts.<br/>In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.<br/>This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. | keyword | | `Sep 19 08:26:10 localhost My log` |


## <a name="network"></a> Network fields
Expand Down
2 changes: 1 addition & 1 deletion schema.csv
Original file line number Diff line number Diff line change
Expand Up @@ -92,8 +92,8 @@ kubernetes.namespace,keyword,0,
kubernetes.pod.name,keyword,0,
log.level,keyword,0,ERR
log.line,long,0,18
log.message,keyword,1,Sep 19 08:26:10 localhost My log
log.offset,long,0,12
log.original,keyword,1,Sep 19 08:26:10 localhost My log
network.direction,keyword,0,inbound
network.forwarded_ip,ip,0,192.1.1.2
network.inbound.bytes,long,0,184
Expand Down
9 changes: 6 additions & 3 deletions schemas/log.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,18 @@
description: >
Offset of the beginning of the log event.
example: 12
- name: message
- name: original
type: keyword
phase: 1
example: "Sep 19 08:26:10 localhost My log"
index: false
# TODO: Best would be to disable ignore_above completely
ignore_above: 32766
doc_values: false
description: >
This is the log message and contains the full log message before
splitting it up in multiple parts.
This is the original log message and contains the full log message
before splitting it up in multiple parts.
In contrast to the `message` field which can contain an extracted part
of the log message, this field contains the original, full log message.
Expand Down
10 changes: 5 additions & 5 deletions template.json
Original file line number Diff line number Diff line change
Expand Up @@ -478,14 +478,14 @@
"line": {
"type": "long"
},
"message": {
"offset": {
"type": "long"
},
"original": {
"doc_values": false,
"ignore_above": 1024,
"ignore_above": 32766,
"index": false,
"type": "keyword"
},
"offset": {
"type": "long"
}
}
},
Expand Down

0 comments on commit c306a6d

Please sign in to comment.