Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional log.syslog fields #1793

Merged
merged 7 commits into from
Mar 1, 2022
Merged

Add additional log.syslog fields #1793

merged 7 commits into from
Mar 1, 2022

Conversation

taylor-swanson
Copy link
Contributor

  • Add additional fields for RFC 5424 messages (log.syslog.version,
    log.syslog.msgid, log.syslog.data)
  • Add log.syslog.hostname, log.syslog.appname, and log.syslog.procid
    for hostname, process name, and process ID fields present in syslog
    messages, respectively. These fields are added since it is not always
    known that user wants these values copied to the more general ECS fields
    (host.hostname, process.name, process.pid).

@taylor-swanson
Add additional log.syslog fields
818b16b 
- Add additional fields for RFC 5424 messages (log.syslog.version,
log.syslog.msgid, log.syslog.data)
- Add log.syslog.hostname, log.syslog.appname, and log.syslog.procid
for hostname, process name, and process ID fields present in syslog
messages, respectively. These fields are added since it is not always
known that user wants these values copied to the more general ECS fields
(host.hostname, process.name, process.pid).
@taylor-swanson
Update changelog with PR number
9b6f9d2
@taylor-swanson
Merge branch 'main' into log-syslog-fields
9693ac5
@taylor-swanson taylor-swanson mentioned this pull request Feb 23, 2022
Merged
5 tasks
andrewkroh
andrewkroh reviewed Feb 23, 2022
View reviewed changes
ebeahan
ebeahan reviewed Feb 24, 2022
View reviewed changes
ebeahan
ebeahan approved these changes Feb 28, 2022
View reviewed changes
Copy link
Member

@ebeahan ebeahan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for making the adjustments.

Should these changes go into 8.2?

@taylor-swanson
Copy link
Contributor Author

LGTM! Thanks for making the adjustments.

Should these changes go into 8.2?

If we could do that, that would be great! The associated syslog parser/processor is also targeting 8.2.

@taylor-swanson taylor-swanson merged commit e7f66e2 into elastic:main Mar 1, 2022
@taylor-swanson taylor-swanson deleted the log-syslog-fields branch March 1, 2022 18:41
kgeller pushed a commit to kgeller/ecs that referenced this pull request Mar 1, 2022
@taylor-swanson @kgeller
Add additional log.syslog fields (elastic#1793)
bd69968 
- Add additional fields for RFC 5424 messages (log.syslog.version,
log.syslog.msgid, log.syslog.data)
- Add log.syslog.hostname, log.syslog.appname, and log.syslog.procid
for hostname, process name, and process ID fields present in syslog
messages, respectively. These fields are added since it is not always
known that user wants these values copied to the more general ECS fields
(host.hostname, process.name, process.pid).
- Updating changelog entry to 8.2

Co-authored-by: Kylie Geller <[email protected]>
# Conflicts:
#	experimental/generated/csv/fields.csv
#	generated/csv/fields.csv
@kgeller kgeller mentioned this pull request Mar 1, 2022
Merged
kgeller added a commit that referenced this pull request Mar 1, 2022
@kgeller
Add additional log.syslog fields (#1793) (#1805)
396be41
@fgierlinger fgierlinger mentioned this pull request Apr 6, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh left review comments

@ebeahan ebeahan ebeahan approved these changes

Assignees
No one assigned
Labels
8.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@taylor-swanson @andrewkroh @ebeahan @kgeller