diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index bbda9ccdee3..77ec853c95d 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -88,6 +88,7 @@ https://github.com/elastic/beats/compare/v5.1.1...master[Check the HEAD diff] - Disabled date detection in Elasticsearch index templates. Date fields must be explicitly defined in index templates. {pull}3528[3528] - Using environment variables in the configuration file is now GA, instead of experimental. {pull}3525[3525] - Initialize a beats UUID from file on startup. {pull}3615[3615] +- Add new `add_locale` processor to export the local timezone with an event. {pull}3902[3902] *Filebeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index eb5550bec47..de7655f0358 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -304,6 +304,12 @@ The name of the Beat sending the log messages. If the Beat name is set in the co The hostname as returned by the operating system on which the Beat is running. +[float] +=== beat.timezone + +The timezone as returned by the operating system on which the Beat is running. + + [float] === beat.version diff --git a/filebeat/filebeat.full.yml b/filebeat/filebeat.full.yml index f3caf49222a..b7c383779e8 100644 --- a/filebeat/filebeat.full.yml +++ b/filebeat/filebeat.full.yml @@ -419,6 +419,11 @@ filebeat.prospectors: #processors: #- add_cloud_metadata: # +# The following example enriches each event with the local timezone. +# +#processors: +#- add_locale: +# #================================ Outputs ====================================== diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc index 7bee2fdef6b..58b338ca337 100644 --- a/heartbeat/docs/fields.asciidoc +++ b/heartbeat/docs/fields.asciidoc @@ -36,6 +36,12 @@ The name of the Beat sending the log messages. If the Beat name is set in the co The hostname as returned by the operating system on which the Beat is running. +[float] +=== beat.timezone + +The timezone as returned by the operating system on which the Beat is running. + + [float] === beat.version diff --git a/heartbeat/heartbeat.full.yml b/heartbeat/heartbeat.full.yml index a30820786b9..d6355208c21 100644 --- a/heartbeat/heartbeat.full.yml +++ b/heartbeat/heartbeat.full.yml @@ -267,6 +267,11 @@ heartbeat.scheduler: #processors: #- add_cloud_metadata: # +# The following example enriches each event with the local timezone. +# +#processors: +#- add_locale: +# #================================ Outputs ====================================== diff --git a/libbeat/_meta/config.full.yml b/libbeat/_meta/config.full.yml index dfd7e493b44..547d92882ba 100644 --- a/libbeat/_meta/config.full.yml +++ b/libbeat/_meta/config.full.yml @@ -69,6 +69,11 @@ #processors: #- add_cloud_metadata: # +# The following example enriches each event with the local timezone. +# +#processors: +#- add_locale: +# #================================ Outputs ====================================== diff --git a/libbeat/_meta/fields.common.yml b/libbeat/_meta/fields.common.yml index e21047c38b5..0992f0ce645 100644 --- a/libbeat/_meta/fields.common.yml +++ b/libbeat/_meta/fields.common.yml @@ -15,6 +15,10 @@ description: > The hostname as returned by the operating system on which the Beat is running. + - name: beat.timezone + description: > + The timezone as returned by the operating system on which the Beat is + running. - name: beat.version description: > The version of the beat that generated this event. diff --git a/libbeat/beat/beat.go b/libbeat/beat/beat.go index be9289b5fa8..a5099c84fc5 100644 --- a/libbeat/beat/beat.go +++ b/libbeat/beat/beat.go @@ -63,6 +63,7 @@ import ( // Register default processors. _ "github.com/elastic/beats/libbeat/processors/actions" _ "github.com/elastic/beats/libbeat/processors/add_cloud_metadata" + _ "github.com/elastic/beats/libbeat/processors/add_locale" // Register default monitoring reporting _ "github.com/elastic/beats/libbeat/monitoring/report/elasticsearch" diff --git a/libbeat/docs/processors-config.asciidoc b/libbeat/docs/processors-config.asciidoc index b7a71bc17c9..277bd7ec685 100644 --- a/libbeat/docs/processors-config.asciidoc +++ b/libbeat/docs/processors-config.asciidoc @@ -253,6 +253,7 @@ not: The supported processors are: * <> + * <> * <> * <> * <> @@ -340,6 +341,23 @@ _GCE_ } ------------------------------------------------------------------------------- +[[add-locale]] +=== add_locale + +The `add_locale` processor enriches each event with the machine's time zone. + +The simple configuration below enables the processor. + +[source,yaml] +------------------------------------------------------------------------------- +processors: +- add_locale: +------------------------------------------------------------------------------- + +NOTE: Please consider that `add_locale` differentiates between DST and regular time. +For example `CET` and `CEST`. + + [[decode-json-fields]] === decode_json_fields diff --git a/libbeat/processors/add_locale/add_locale.go b/libbeat/processors/add_locale/add_locale.go new file mode 100644 index 00000000000..9c7ecef5407 --- /dev/null +++ b/libbeat/processors/add_locale/add_locale.go @@ -0,0 +1,29 @@ +package actions + +import ( + "time" + + "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/processors" +) + +type addLocale struct{} + +func init() { + processors.RegisterPlugin("add_locale", newAddLocale) +} + +func newAddLocale(c common.Config) (processors.Processor, error) { + return addLocale{}, nil +} + +func (l addLocale) Run(event common.MapStr) (common.MapStr, error) { + zone, _ := time.Now().Zone() + event.Put("beat.timezone", zone) + + return event, nil +} + +func (l addLocale) String() string { + return "add_locale" +} diff --git a/libbeat/processors/add_locale/add_locale_test.go b/libbeat/processors/add_locale/add_locale_test.go new file mode 100644 index 00000000000..3d2b31a9396 --- /dev/null +++ b/libbeat/processors/add_locale/add_locale_test.go @@ -0,0 +1,59 @@ +package actions + +import ( + "testing" + "time" + + "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/logp" + "github.com/stretchr/testify/assert" +) + +func TestExportTimeZone(t *testing.T) { + var testConfig = common.NewConfig() + + input := common.MapStr{} + + zone, _ := time.Now().In(time.Local).Zone() + + actual := getActualValue(t, testConfig, input) + + expected := common.MapStr{ + "beat": map[string]string{ + "timezone": zone, + }, + } + + assert.Equal(t, expected.String(), actual.String()) +} + +func getActualValue(t *testing.T, config *common.Config, input common.MapStr) common.MapStr { + if testing.Verbose() { + logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"*"}) + } + + p, err := newAddLocale(*config) + if err != nil { + logp.Err("Error initializing add_locale") + t.Fatal(err) + } + + actual, err := p.Run(input) + + return actual +} + +func BenchmarkConstruct(b *testing.B) { + var testConfig = common.NewConfig() + + input := common.MapStr{} + + p, err := newAddLocale(*testConfig) + if err != nil { + b.Fatal(err) + } + + for i := 0; i < b.N; i++ { + _, err = p.Run(input) + } +} diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index e05d039e8ec..ab9856f8c72 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -383,6 +383,12 @@ The name of the Beat sending the log messages. If the Beat name is set in the co The hostname as returned by the operating system on which the Beat is running. +[float] +=== beat.timezone + +The timezone as returned by the operating system on which the Beat is running. + + [float] === beat.version diff --git a/metricbeat/metricbeat.full.yml b/metricbeat/metricbeat.full.yml index c13f3ac39d8..09ea01c96d3 100644 --- a/metricbeat/metricbeat.full.yml +++ b/metricbeat/metricbeat.full.yml @@ -404,6 +404,11 @@ metricbeat.modules: #processors: #- add_cloud_metadata: # +# The following example enriches each event with the local timezone. +# +#processors: +#- add_locale: +# #================================ Outputs ====================================== diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc index 5009ceb677b..e553e41afd3 100644 --- a/packetbeat/docs/fields.asciidoc +++ b/packetbeat/docs/fields.asciidoc @@ -375,6 +375,12 @@ The name of the Beat sending the log messages. If the Beat name is set in the co The hostname as returned by the operating system on which the Beat is running. +[float] +=== beat.timezone + +The timezone as returned by the operating system on which the Beat is running. + + [float] === beat.version diff --git a/packetbeat/packetbeat.full.yml b/packetbeat/packetbeat.full.yml index 24b5b64a1a6..dfe32e1ef80 100644 --- a/packetbeat/packetbeat.full.yml +++ b/packetbeat/packetbeat.full.yml @@ -524,6 +524,11 @@ packetbeat.protocols: #processors: #- add_cloud_metadata: # +# The following example enriches each event with the local timezone. +# +#processors: +#- add_locale: +# #================================ Outputs ====================================== diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index 7826b431a75..7085b9e7512 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -37,6 +37,12 @@ The name of the Beat sending the log messages. If the Beat name is set in the co The hostname as returned by the operating system on which the Beat is running. +[float] +=== beat.timezone + +The timezone as returned by the operating system on which the Beat is running. + + [float] === beat.version diff --git a/winlogbeat/winlogbeat.full.yml b/winlogbeat/winlogbeat.full.yml index 1348daf70e7..3f0a96611a5 100644 --- a/winlogbeat/winlogbeat.full.yml +++ b/winlogbeat/winlogbeat.full.yml @@ -98,6 +98,11 @@ winlogbeat.event_logs: #processors: #- add_cloud_metadata: # +# The following example enriches each event with the local timezone. +# +#processors: +#- add_locale: +# #================================ Outputs ======================================