From f54fd6ee77db458b1d409309ff5ddd5ba025f2d2 Mon Sep 17 00:00:00 2001 From: Christoph Wurm Date: Fri, 1 Mar 2019 21:19:25 +0000 Subject: [PATCH 1/3] Refactor --- libbeat/template/processor.go | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/libbeat/template/processor.go b/libbeat/template/processor.go index b4f6a04c0e81..8df4bc2ab505 100644 --- a/libbeat/template/processor.go +++ b/libbeat/template/processor.go @@ -100,6 +100,11 @@ func (p *Processor) Process(fields common.Fields, path string, output common.Map mapping = p.other(&field) } + switch field.Type { + case "", "keyword", "text": + addToDefaultFields(&field) + } + if len(mapping) > 0 { output.Put(common.GenerateKey(field.Name), mapping) } @@ -107,6 +112,17 @@ func (p *Processor) Process(fields common.Fields, path string, output common.Map return nil } +func addToDefaultFields(f *common.Field) { + fullName := f.Name + if f.Path != "" { + fullName = f.Path + "." + f.Name + } + + if f.Index == nil || (f.Index != nil && *f.Index) { + defaultFields = append(defaultFields, fullName) + } +} + func (p *Processor) other(f *common.Field) common.MapStr { property := getDefaultProperties(f) if f.Type != "" { @@ -173,15 +189,6 @@ func (p *Processor) ip(f *common.Field) common.MapStr { func (p *Processor) keyword(f *common.Field) common.MapStr { property := getDefaultProperties(f) - fullName := f.Name - if f.Path != "" { - fullName = f.Path + "." + f.Name - } - - if f.Index == nil || (f.Index != nil && *f.Index) { - defaultFields = append(defaultFields, fullName) - } - property["type"] = "keyword" switch f.IgnoreAbove { @@ -209,15 +216,6 @@ func (p *Processor) keyword(f *common.Field) common.MapStr { func (p *Processor) text(f *common.Field) common.MapStr { properties := getDefaultProperties(f) - fullName := f.Name - if f.Path != "" { - fullName = f.Path + "." + f.Name - } - - if f.Index == nil || (f.Index != nil && *f.Index) { - defaultFields = append(defaultFields, fullName) - } - properties["type"] = "text" if p.EsVersion.IsMajor(2) { From 641dda565b308eb02b9ac43a870e5ff6845c0dd1 Mon Sep 17 00:00:00 2001 From: Christoph Wurm Date: Fri, 1 Mar 2019 21:52:57 +0000 Subject: [PATCH 2/3] Add ip to default_field. --- libbeat/template/processor.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbeat/template/processor.go b/libbeat/template/processor.go index 8df4bc2ab505..4e25bcec03f2 100644 --- a/libbeat/template/processor.go +++ b/libbeat/template/processor.go @@ -101,7 +101,7 @@ func (p *Processor) Process(fields common.Fields, path string, output common.Map } switch field.Type { - case "", "keyword", "text": + case "", "keyword", "text", "ip": addToDefaultFields(&field) } From a33c5583d24006a2e5fd5357694efdd78a554e99 Mon Sep 17 00:00:00 2001 From: Christoph Wurm Date: Fri, 1 Mar 2019 21:53:16 +0000 Subject: [PATCH 3/3] Changelog --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 474365e0e939..c0b1821b7985 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -218,6 +218,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add if/then/else support to processors. {pull}10744[10744] - Add `community_id` processor for computing network flow hashes. {pull}10745[10745] - Add output test to kafka output {pull}10834[10834] +- Add ip fields to default_field in Elasticsearch template. {pull}11035[11035] *Auditbeat*