fluent-plugin-elasticsearch-timestamp-check 0.2.8 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aa6ae137a40c8f3ccb7c51a5206c31b828e567be
|
|
4
|
+
data.tar.gz: 1afe8d16d24bb3f29203c90c356cd2dc837feac8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 273868f46777e729b27cd138a31444c8ec0fc5a5d5419a4299839cdd5cc9573b0bb9175b6344c6bc56f08ace5b065dbea72c6945b9b97ec8ca9cc57623394d47
|
|
7
|
+
data.tar.gz: 87aa129c73519b198c00e139b23a5c2dae7591e61e8c9d98c9550e39525284f7ed465849b731305720c79cef9b88a9e0d4ee02b7c42a26b5bf5d4b2649c7ab81
|
data/README.md
CHANGED
|
@@ -19,10 +19,15 @@ elasticsearch.
|
|
|
19
19
|
such value is detected, it will be converted to iso8601 format for easier
|
|
20
20
|
consumption of elasticsearch when dynamic mapping is used.**
|
|
21
21
|
|
|
22
|
-
*
|
|
23
|
-
parse that field and conver it to
|
|
24
|
-
in `@timestamp` field. In
|
|
25
|
-
is added to the object with
|
|
22
|
+
* By default, it will check whether fields named `timestamp`, `time`, or
|
|
23
|
+
`syslog_timestamp` exists, if so it will parse that field and conver it to
|
|
24
|
+
format '%Y-%m-%dT%H:%M:%S.%L%z' then store it in `@timestamp` field. In
|
|
25
|
+
addition, a field `fluent_converted_timestamp` is added to the object with
|
|
26
|
+
the same value.
|
|
27
|
+
|
|
28
|
+
* (>=0.3.0) the list of fields can be overriden by setting the
|
|
29
|
+
`timestamp_fields` parameter. It accepts a list of strings, the default is set
|
|
30
|
+
to: `['@timestamp', 'timestamp', 'time', 'syslog_timestamp']`
|
|
26
31
|
|
|
27
32
|
* If none of the above field exists, it will insert current event time in
|
|
28
33
|
'%Y-%m-%dT%H:%M:%S.%L%z' format as the `@timestamp` field. A field
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |spec|
|
|
2
2
|
spec.name = "fluent-plugin-elasticsearch-timestamp-check"
|
|
3
|
-
spec.version = "0.
|
|
3
|
+
spec.version = "0.3.0"
|
|
4
4
|
spec.authors = ["Richard Li"]
|
|
5
5
|
spec.email = ["evilcat@wisewolfsolutions.com"]
|
|
6
6
|
spec.description = %q{fluent filter plugin to ensure @timestamp is in proper format}
|
|
@@ -7,6 +7,7 @@ module Fluent::Plugin
|
|
|
7
7
|
Fluent::Plugin.register_filter('elasticsearch_timestamp_check', self)
|
|
8
8
|
|
|
9
9
|
config_param :subsecond_precision, :integer, default: 3
|
|
10
|
+
config_param :timestamp_fields, :array, default: ['@timestamp', 'timestamp', 'time', 'syslog_timestamp'], value_type: :string
|
|
10
11
|
|
|
11
12
|
def configure(conf)
|
|
12
13
|
super
|
|
@@ -33,7 +34,7 @@ module Fluent::Plugin
|
|
|
33
34
|
end
|
|
34
35
|
|
|
35
36
|
def filter(tag, time, record)
|
|
36
|
-
|
|
37
|
+
@timestamp_fields.map do |field|
|
|
37
38
|
record[field]
|
|
38
39
|
end.compact.each do |timestamp|
|
|
39
40
|
begin
|
|
@@ -58,6 +59,7 @@ module Fluent::Plugin
|
|
|
58
59
|
$log.debug("Timestamp parsed: #{record['@timestamp']}")
|
|
59
60
|
break
|
|
60
61
|
rescue ArgumentError
|
|
62
|
+
$log.debug("#{field} (#{timestamp}) failed to parse, trying next")
|
|
61
63
|
end
|
|
62
64
|
end
|
|
63
65
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-elasticsearch-timestamp-check
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Richard Li
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-02-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|