add ecs support #228
add ecs support #228
Conversation
docs/index.asciidoc
Outdated
| ==== Event Metadata and the Elastic Common Schema (ECS) | ||
| This plugin adds cloudfront metadata to event. | ||
| By default, the value is stored in the root level. | ||
| When ECS is enabled, it is stored in the `@metadata`. |
There was a problem hiding this comment.
| When ECS is enabled, it is stored in the `@metadata`. | |
| When ECS is enabled, the value is stored in the `@metadata`. |
docs/index.asciidoc
Outdated
| |======================================================================= | ||
| | disabled | v1 | Availability | Description | ||
|
|
||
| | cloudfront_fields | [@metadata][s3][cloudfront][fields] | available when the file is a cloudfront metadata | columns name of metadata |
There was a problem hiding this comment.
| | cloudfront_fields | [@metadata][s3][cloudfront][fields] | available when the file is a cloudfront metadata | columns name of metadata | |
| | cloudfront_fields | [@metadata][s3][cloudfront][fields] | available when the file contains cloudfront metadata | columns name of metadata |
There was a problem hiding this comment.
I don't understand this wording. Maybe "When the file contains cloudfront metadata?"
If I don't have the wording right, please let me know. We can work together to find the right wording.
There was a problem hiding this comment.
my word metadata is not accurate. It should be a log file specific to CloudFront, which records the access details.
cloudfront_fields and cloudfront_version are only available for CloudFront log.
So, may be change it to "available when the file is a CloudFront log"
docs/index.asciidoc
Outdated
| | disabled | v1 | Availability | Description | ||
|
|
||
| | cloudfront_fields | [@metadata][s3][cloudfront][fields] | available when the file is a cloudfront metadata | columns name of metadata | ||
| | cloudfront_version | [@metadata][s3][cloudfront][version] | available when the file is a cloudfront metadata | version of metadata |
There was a problem hiding this comment.
| | cloudfront_version | [@metadata][s3][cloudfront][version] | available when the file is a cloudfront metadata | version of metadata | |
| | cloudfront_version | [@metadata][s3][cloudfront][version] | available when the file contains cloudfront metadata | version of metadata |
There was a problem hiding this comment.
Same comment as previous
| * Default value depends on which version of Logstash is running: | ||
| ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default | ||
| ** Otherwise, the default value is `disabled`. | ||
|
|
There was a problem hiding this comment.
| Controls this plugin's compatibility with the | |
| {ecs-ref}[Elastic Common Schema (ECS)]. | |
| See <<plugins-{type}s-{plugin}-ecs_metadata,ECS mapping>> for detailed information. |
| @@ -31,6 +31,20 @@ Files ending in `.gz` are handled as gzip'ed files. | |||
|
|
|||
| Files that are archived to AWS Glacier will be skipped. | |||
|
|
|||
| ==== Event Metadata and the Elastic Common Schema (ECS) | |||
There was a problem hiding this comment.
| ==== Event Metadata and the Elastic Common Schema (ECS) | |
| [id="plugins-{type}s-{plugin}-ecs_compatibility"] | |
| ==== Event Metadata and the Elastic Common Schema (ECS) |
There was a problem hiding this comment.
Changes in code and specs look good.
I've left a few suggestions in docs, and we should probably get 👀 from @karenzone before we merge.
docs/index.asciidoc
Outdated
| Here’s how ECS compatibility mode affects output. | ||
| [cols="<l,<l,e,<e"] | ||
| |======================================================================= | ||
| | disabled | v1 | Availability | Description |
There was a problem hiding this comment.
| | disabled | v1 | Availability | Description | |
| | ECS disabled | ECS v1 | Availability | Description |
docs/index.asciidoc
Outdated
| |======================================================================= | ||
| | disabled | v1 | Availability | Description | ||
|
|
||
| | cloudfront_fields | [@metadata][s3][cloudfront][fields] | available when the file is a cloudfront metadata | columns name of metadata |
There was a problem hiding this comment.
| | cloudfront_fields | [@metadata][s3][cloudfront][fields] | available when the file is a cloudfront metadata | columns name of metadata | |
| | cloudfront_fields | [@metadata][s3][cloudfront][fields] | available when the file is a cloudfront metadata | column names of metadata |
spec/inputs/s3_spec.rb
Outdated
| ecs_compatibility_matrix(:disabled, :v1) do |ecs_select| | ||
| before(:each) do | ||
| allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility) | ||
| # subject.register |
There was a problem hiding this comment.
| # subject.register |
the |
|
Regarding:
@kaisecheng Using examples to illustrate concepts is one of many areas where you excel. If you believe that an example would add more confusion, then I agree that we shouldn't add one. |
There was a problem hiding this comment.
@kaisecheng I suggested two more fixes inline. One was the result of my error in suggesting a heading anchor that was already in use.
Co-authored-by: Karen Metts <[email protected]>
Co-authored-by: Karen Metts <[email protected]>
This PR adds ECS support and maps the following
Closed: #196