checkpoint: elastic#11894 normalize filds according to ECS
impacted fields:

- checkpoint.last_hit_time
- checkpoint.creation_time
- checkpoint.duration
srilumpa committed Dec 19, 2024
1 parent 904875c commit a60d5f6
Showing 1 changed file with 26 additions and 1 deletion.
Expand Up @@ -410,7 +410,7 @@ processors:
allow_duplicates: false
- append:
field: event.type
value:
value:
- start
allow_duplicates: false
if: ctx.checkpoint?.action == 'Log In' || ctx.checkpoint?.operation == 'Log In'
Expand Down Expand Up @@ -1076,6 +1076,29 @@ processors:
formats: ["ISO8601", "UNIX"]
target_field: event.end
if: "ctx.checkpoint?.lastupdatetime != null"
- date:
field: checkpoint.last_hit_time
formats: ["ISO8601", "UNIX"]
target_field: event.end
if: "ctx.checkpoint?.last_hit_time != null"
- date:
field: checkpoint.creation_time
formats: ["ISO8601", "UNIX"]
target_field: event.start
if: "ctx.checkpoint?.creation_time != null"
- rename:
field: checkpoint.duration
target_field: event.duration
ignore_missing: true
- convert:
field: event.duration
type: integer
ignore_missing: trur
- script:
tag: event_duration_conversion_to_long
lang: painless
source: ctx.event.duration = ctx.event.duration * 1000000000L
if: ctx?.event?.duration != null
- rename:
field: checkpoint.message
target_field: message
Expand Down Expand Up @@ -1264,6 +1287,8 @@ processors:
- checkpoint.hll_key
- checkpoint.segment_time
- checkpoint.lastupdatetime
- checkpoint.last_hit_time
- checkpoint.creation_time
- checkpoint.endpoint_ip
- checkpoint.origin_ip
- syslog5424_ts
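Review bot: `ignore_missing: trur` on the new `convert` processor for `event.duration` (second hunk) is a typo for `ignore_missing: true`; as written the value is not a boolean, so the pipeline is likely to be rejected when it is loaded or the option will not take effect for events that carry no `checkpoint.duration`. The two new `date` processors show no failure handling of their own, so a `last_hit_time` or `creation_time` value that matches neither `ISO8601` nor `UNIX` would fail the document unless an `on_failure` outside these hunks catches it; for firewall logs that means events missing from detection, and `ignore_failure: true` or an `on_failure` that records the reason in `error.message` would keep the event. `checkpoint.lastupdatetime` and `checkpoint.last_hit_time` both write `event.end`, so when both are present the later processor silently wins, and a comment stating the intended precedence would help. The multiplication by `1000000000L` assumes `checkpoint.duration` is in whole seconds, which is worth a one-line comment above the script, e.g. `# checkpoint.duration is seconds; ECS event.duration is nanoseconds`.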
