Skip to content

Commit

Permalink
Fix filebeat elasticsearch module ingest timezone (elastic#13367) (el…
Browse files Browse the repository at this point in the history
…astic#13494)

(cherry picked from commit 871ce17)

Co-authored-by: Kent Wang <pragkent@gmail.com>
  • Loading branch information
jsoriano and pragkent authored Sep 5, 2019
1 parent b58c82b commit cec0445
Show file tree
Hide file tree
Showing 13 changed files with 129 additions and 76 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix filebeat autodiscover fileset hint for container input. {pull}13296[13296]
- Fix incorrect references to index patterns in AWS and CoreDNS dashboards. {pull}13303[13303]
- Fix timezone parsing of system module ingest pipelines. {pull}13308[13308]
- Fix timezone parsing of elasticsearch module ingest pipelines. {pull}13367[13367]
- Change iis url path grok pattern from URIPATH to NOTSPACE. {issue}12710[12710] {pull}13225[13225] {issue}7951[7951] {pull}13378[13378]
- Add timezone information to apache error fileset. {issue}12772[12772] {pull}13304[13304]
- Fix timezone parsing of nginx module ingest pipelines. {pull}13369[13369]
Expand Down
10 changes: 10 additions & 0 deletions filebeat/module/elasticsearch/audit/ingest/pipeline-json.json
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,16 @@
"target_field": "log.level",
"ignore_missing": true
}
},
{
"date": {
"field": "elasticsearch.audit.@timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
}
],
"on_failure": [
Expand Down
22 changes: 22 additions & 0 deletions filebeat/module/elasticsearch/audit/ingest/pipeline-plaintext.json
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,28 @@
"field": "elasticsearch.audit.sub_action",
"ignore_missing": true
}
},
{
"date": {
"field": "elasticsearch.audit.@timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "elasticsearch.audit.@timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
}
],
"on_failure": [
Expand Down
19 changes: 0 additions & 19 deletions filebeat/module/elasticsearch/audit/ingest/pipeline.json
Original file line number Diff line number Diff line change
Expand Up @@ -30,25 +30,6 @@
"name": "{< IngestPipeline "pipeline-json" >}"
}
},
{
"date": {
"field": "elasticsearch.audit.@timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "@timestamp",
"formats": ["ISO8601"],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
},
{
"remove": {
"field": "elasticsearch.audit.@timestamp"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,16 @@
"field": "elasticsearch.deprecation.message",
"target_field": "message"
}
},
{
"date": {
"field": "elasticsearch.deprecation.timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
}
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,28 @@
"\\[%{TIMESTAMP_ISO8601:elasticsearch.deprecation.timestamp}\\]\\[%{LOGLEVEL:log.level}%{SPACE}*\\]\\[%{DATA:elasticsearch.component}%{SPACE}*\\] %{GREEDYMULTILINE:message}"
]
}
},
{
"date": {
"field": "elasticsearch.deprecation.timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "elasticsearch.deprecation.timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
}
]
}
19 changes: 0 additions & 19 deletions filebeat/module/elasticsearch/deprecation/ingest/pipeline.json
Original file line number Diff line number Diff line change
Expand Up @@ -30,25 +30,6 @@
"name": "{< IngestPipeline "pipeline-json" >}"
}
},
{
"date": {
"field": "elasticsearch.deprecation.timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "@timestamp",
"formats": ["ISO8601"],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
},
{
"remove": {
"field": "elasticsearch.deprecation.timestamp"
Expand Down
10 changes: 10 additions & 0 deletions filebeat/module/elasticsearch/server/ingest/pipeline-json.json
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,16 @@
"remove": {
"field": "elasticsearch.server.message"
}
},
{
"date": {
"field": "elasticsearch.server.timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
}
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,28 @@
"%{LOG_HEADER}%{SPACE}((\\[%{INDEXNAME:elasticsearch.index.name}\\]|\\[%{INDEXNAME:elasticsearch.index.name}\\/%{DATA:elasticsearch.index.id}\\]))?%{SPACE}%{GREEDYMULTILINE:message}"
]
}
},
{
"date": {
"field": "elasticsearch.server.timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "elasticsearch.server.timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
}
]
}
19 changes: 0 additions & 19 deletions filebeat/module/elasticsearch/server/ingest/pipeline.json
Original file line number Diff line number Diff line change
Expand Up @@ -54,25 +54,6 @@
"ignore_missing": true
}
},
{
"date": {
"field": "elasticsearch.server.timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "@timestamp",
"formats": ["ISO8601"],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
},
{
"remove": {
"field": "elasticsearch.server.timestamp"
Expand Down
10 changes: 10 additions & 0 deletions filebeat/module/elasticsearch/slowlog/ingest/pipeline-json.json
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,16 @@
"remove": {
"field": "elasticsearch.slowlog.message"
}
},
{
"date": {
"field": "elasticsearch.slowlog.timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
}
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,28 @@
"separator": ",",
"ignore_missing": true
}
},
{
"date": {
"field": "elasticsearch.slowlog.timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "elasticsearch.slowlog.timestamp",
"target_field": "@timestamp",
"formats": [
"yyyy-MM-dd'T'HH:mm:ss,SSS"
],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
}
],
"on_failure": [
Expand Down
19 changes: 0 additions & 19 deletions filebeat/module/elasticsearch/slowlog/ingest/pipeline.json
Original file line number Diff line number Diff line change
Expand Up @@ -30,25 +30,6 @@
"name": "{< IngestPipeline "pipeline-json" >}"
}
},
{
"date": {
"field": "elasticsearch.slowlog.timestamp",
"target_field": "@timestamp",
"formats": [
"ISO8601"
],
"ignore_failure": true
}
},
{
"date": {
"if": "ctx.event.timezone != null",
"field": "@timestamp",
"formats": ["ISO8601"],
"timezone": "{{ event.timezone }}",
"on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
}
},
{
"remove": {
"field": "elasticsearch.slowlog.timestamp"
Expand Down

0 comments on commit cec0445

Please sign in to comment.