fluent-plugin-elasticsearch-timestamp-check 0.2.8 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: aa6ae137a40c8f3ccb7c51a5206c31b828e567be
|
4
|
+
data.tar.gz: 1afe8d16d24bb3f29203c90c356cd2dc837feac8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 273868f46777e729b27cd138a31444c8ec0fc5a5d5419a4299839cdd5cc9573b0bb9175b6344c6bc56f08ace5b065dbea72c6945b9b97ec8ca9cc57623394d47
|
7
|
+
data.tar.gz: 87aa129c73519b198c00e139b23a5c2dae7591e61e8c9d98c9550e39525284f7ed465849b731305720c79cef9b88a9e0d4ee02b7c42a26b5bf5d4b2649c7ab81
|
data/README.md
CHANGED
@@ -19,10 +19,15 @@ elasticsearch.
|
|
19
19
|
such value is detected, it will be converted to iso8601 format for easier
|
20
20
|
consumption of elasticsearch when dynamic mapping is used.**
|
21
21
|
|
22
|
-
*
|
23
|
-
parse that field and conver it to
|
24
|
-
in `@timestamp` field. In
|
25
|
-
is added to the object with
|
22
|
+
* By default, it will check whether fields named `timestamp`, `time`, or
|
23
|
+
`syslog_timestamp` exists, if so it will parse that field and conver it to
|
24
|
+
format '%Y-%m-%dT%H:%M:%S.%L%z' then store it in `@timestamp` field. In
|
25
|
+
addition, a field `fluent_converted_timestamp` is added to the object with
|
26
|
+
the same value.
|
27
|
+
|
28
|
+
* (>=0.3.0) the list of fields can be overriden by setting the
|
29
|
+
`timestamp_fields` parameter. It accepts a list of strings, the default is set
|
30
|
+
to: `['@timestamp', 'timestamp', 'time', 'syslog_timestamp']`
|
26
31
|
|
27
32
|
* If none of the above field exists, it will insert current event time in
|
28
33
|
'%Y-%m-%dT%H:%M:%S.%L%z' format as the `@timestamp` field. A field
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |spec|
|
2
2
|
spec.name = "fluent-plugin-elasticsearch-timestamp-check"
|
3
|
-
spec.version = "0.
|
3
|
+
spec.version = "0.3.0"
|
4
4
|
spec.authors = ["Richard Li"]
|
5
5
|
spec.email = ["evilcat@wisewolfsolutions.com"]
|
6
6
|
spec.description = %q{fluent filter plugin to ensure @timestamp is in proper format}
|
@@ -7,6 +7,7 @@ module Fluent::Plugin
|
|
7
7
|
Fluent::Plugin.register_filter('elasticsearch_timestamp_check', self)
|
8
8
|
|
9
9
|
config_param :subsecond_precision, :integer, default: 3
|
10
|
+
config_param :timestamp_fields, :array, default: ['@timestamp', 'timestamp', 'time', 'syslog_timestamp'], value_type: :string
|
10
11
|
|
11
12
|
def configure(conf)
|
12
13
|
super
|
@@ -33,7 +34,7 @@ module Fluent::Plugin
|
|
33
34
|
end
|
34
35
|
|
35
36
|
def filter(tag, time, record)
|
36
|
-
|
37
|
+
@timestamp_fields.map do |field|
|
37
38
|
record[field]
|
38
39
|
end.compact.each do |timestamp|
|
39
40
|
begin
|
@@ -58,6 +59,7 @@ module Fluent::Plugin
|
|
58
59
|
$log.debug("Timestamp parsed: #{record['@timestamp']}")
|
59
60
|
break
|
60
61
|
rescue ArgumentError
|
62
|
+
$log.debug("#{field} (#{timestamp}) failed to parse, trying next")
|
61
63
|
end
|
62
64
|
end
|
63
65
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-elasticsearch-timestamp-check
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Richard Li
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2019-02-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|