Set log.original and event.original as message fields
weltenwort committed Jun 15, 2021
1 parent 42aa7f5 commit 4daf7a6
Showing 2 changed files with 181 additions and 25 deletions.
Expand Up @@ -134,6 +134,50 @@ describe('Generic Rules', () => {
});

describe('log.original fallback', () => {
test('includes the event.dataset and log.level if present', () => {
const flattenedDocument = {
'@timestamp': ['2016-12-26T16:22:13.000Z'],
'event.dataset': ['generic.test'],
'log.level': ['TEST_LEVEL'],
'log.original': ['TEST_MESSAGE'],
};

expect(format(flattenedDocument, {})).toMatchInlineSnapshot(`
Array [
Object {
"constant": "[",
},
Object {
"field": "event.dataset",
"highlights": Array [],
"value": Array [
"generic.test",
],
},
Object {
"constant": "][",
},
Object {
"field": "log.level",
"highlights": Array [],
"value": Array [
"TEST_LEVEL",
],
},
Object {
"constant": "] ",
},
Object {
"field": "log.original",
"highlights": Array [],
"value": Array [
"TEST_MESSAGE",
],
},
]
`);
});

test('includes the event.dataset if present', () => {
const flattenedDocument = {
'@timestamp': ['2016-12-26T16:22:13.000Z'],
Expand Down Expand Up @@ -186,4 +230,102 @@ describe('Generic Rules', () => {
`);
});
});

describe('event.original fallback', () => {
test('includes the event.dataset and log.level if present', () => {
const flattenedDocument = {
'@timestamp': ['2016-12-26T16:22:13.000Z'],
'event.dataset': ['generic.test'],
'log.level': ['TEST_LEVEL'],
'event.original': ['TEST_MESSAGE'],
};

expect(format(flattenedDocument, {})).toMatchInlineSnapshot(`
Array [
Object {
"constant": "[",
},
Object {
"field": "event.dataset",
"highlights": Array [],
"value": Array [
"generic.test",
],
},
Object {
"constant": "][",
},
Object {
"field": "log.level",
"highlights": Array [],
"value": Array [
"TEST_LEVEL",
],
},
Object {
"constant": "] ",
},
Object {
"field": "event.original",
"highlights": Array [],
"value": Array [
"TEST_MESSAGE",
],
},
]
`);
});

test('includes the event.dataset if present', () => {
const flattenedDocument = {
'@timestamp': ['2016-12-26T16:22:13.000Z'],
'event.dataset': ['generic.test'],
'event.original': ['TEST_MESSAGE'],
};

expect(format(flattenedDocument, {})).toMatchInlineSnapshot(`
Array [
Object {
"constant": "[",
},
Object {
"field": "event.dataset",
"highlights": Array [],
"value": Array [
"generic.test",
],
},
Object {
"constant": "] ",
},
Object {
"field": "event.original",
"highlights": Array [],
"value": Array [
"TEST_MESSAGE",
],
},
]
`);
});

test('includes the original message', () => {
const flattenedDocument = {
'@timestamp': ['2016-12-26T16:22:13.000Z'],
'event.original': ['TEST_MESSAGE'],
};

expect(format(flattenedDocument, {})).toMatchInlineSnapshot(`
Array [
Object {
"field": "event.original",
"highlights": Array [],
"value": Array [
"TEST_MESSAGE",
],
},
]
`);
});
});
});
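Review bot: None of the visible cases feeds `format` a document that carries more than one message field, so nothing pins which field wins when, say, `message` and `event.original` are both present. I would add a case such as `test('prefers message over event.original when both are present', ...)` with both keys in `flattenedDocument`, asserting the snapshot contains only the `message` field. The rule file in this commit also routes `log.original` and `event.original` through the `error.stack_trace.text` variants, so one case with that key set would cover the new path. The enclosing `describe('Generic Rules', ...)` starts outside the visible hunks, so existing coverage there could not be checked.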
Expand Up @@ -7,15 +7,17 @@

import { LogMessageFormattingRule } from '../rule_types';

const BUILTIN_GENERIC_MESSAGE_FIELDS = ['message', '@message'];
const BUILTIN_GENERIC_MESSAGE_FIELDS = ['message', '@message', 'log.original', 'event.original'];

export const getGenericRules = (genericMessageFields: string[]) => [
...Array.from(new Set([...genericMessageFields, ...BUILTIN_GENERIC_MESSAGE_FIELDS])).reduce<
export const getGenericRules = (genericMessageFields: string[]) =>
Array.from(new Set([...genericMessageFields, ...BUILTIN_GENERIC_MESSAGE_FIELDS])).reduce<
LogMessageFormattingRule[]
>((genericRules, fieldName) => [...genericRules, ...createGenericRulesForField(fieldName)], []),
>((genericRules, fieldName) => [...genericRules, ...createGenericRulesForField(fieldName)], []);

const createGenericRulesForField = (fieldName: string) => [
{
when: {
exists: ['event.dataset', 'log.original'],
exists: ['event.dataset', 'log.level', fieldName, 'error.stack_trace.text'],
},
format: [
{
Expand All @@ -24,30 +26,29 @@ export const getGenericRules = (genericMessageFields: string[]) => [
{
field: 'event.dataset',
},
{
constant: '][',
},
{
field: 'log.level',
},
{
constant: '] ',
},
{
field: 'log.original',
field: fieldName,
},
{
constant: '\n',
},
],
},
{
when: {
exists: ['log.original'],
},
format: [
{
field: 'log.original',
field: 'error.stack_trace.text',
},
],
},
];

const createGenericRulesForField = (fieldName: string) => [
{
when: {
exists: ['event.dataset', 'log.level', fieldName, 'error.stack_trace.text'],
exists: ['event.dataset', 'log.level', fieldName],
},
format: [
{
Expand All @@ -68,6 +69,25 @@ const createGenericRulesForField = (fieldName: string) => [
{
field: fieldName,
},
],
},
{
when: {
exists: ['event.dataset', fieldName, 'error.stack_trace.text'],
},
format: [
{
constant: '[',
},
{
field: 'event.dataset',
},
{
constant: '] ',
},
{
field: fieldName,
},
{
constant: '\n',
},
Expand All @@ -78,7 +98,7 @@ const createGenericRulesForField = (fieldName: string) => [
},
{
when: {
exists: ['event.dataset', 'log.level', fieldName],
exists: ['event.dataset', fieldName],
},
format: [
{
Expand All @@ -87,12 +107,6 @@ const createGenericRulesForField = (fieldName: string) => [
{
field: 'event.dataset',
},
{
constant: '][',
},
{
field: 'log.level',
},
{
constant: '] ',
},
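Review bot: Rule precedence between the message fields now rests entirely on array order, and nothing at `BUILTIN_GENERIC_MESSAGE_FIELDS` says so: the `Set` keeps insertion order, so caller-supplied `genericMessageFields` come first, then `message`, `@message`, `log.original`, `event.original`. Assuming the first matching rule wins (the matcher is not part of this diff), a comment would keep a later edit from reordering the list by accident, e.g. `// Order is precedence: parsed message fields first, raw originals (log.original, event.original) last.` The two originals presumably hold the unparsed source line, so it is worth confirming that whatever renders the message column treats their content as untrusted text. As a style point, the `reduce` with spreads in `getGenericRules` could be written as `.flatMap((fieldName) => createGenericRulesForField(fieldName))`.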