Add log.file.path to capture the log file path, following Filebeat convention. #802

Merged
merged 2 commits into from
Mar 26, 2020

@webmat webmat commented Mar 25, 2020

A few points to note about this PR:

  • This is not nesting all of file.* at log.file.*, this is adding a single field only: log.file.path. If I remember correctly, it's the first time we do this.
    • If there's a need for more file.* fields we could add them, but so far that need has not arisen.
  • This approach also made it possible to tailor the field description to this specific use case.
  • Where file.path has a text multi-field which may be useful for threat hunting in arbitrary file paths, log.file.path does not. The thinking is that these log files are controlled by operators and aren't "user data" in which we're likely to do threat hunting. This is something we can add later if needed.
  • This PR also adjusts the field description for log.origin.file.name to disambiguate: log.origin.file.* are fields to capture source code file details, in application logging use cases.

Closes #770

@webmat webmat self-assigned this Mar 25, 2020
@webmat webmat added the 1.6.0 label Mar 25, 2020
webmat commented Mar 25, 2020

FYI @roncohen @ruflin

@dainperkins dainperkins left a comment

looks good

@webmat webmat merged commit 97e0ae2 into elastic:master Mar 26, 2020
dcode pushed a commit to dcode/ecs that referenced this pull request Apr 15, 2020
felixbarny added a commit to felixbarny/apm-agent-java that referenced this pull request Apr 23, 2020
Successfully merging this pull request may close these issues.

Introduce log.file.path and friends