forked from ViaQ/elasticsearch-templates
pipeline_metadata.yml
namespace:
  name: pipeline_metadata
  type: group
  description: >
    Metadata related to ViaQ log collection pipeline.
    Everything about log collector, normalizers, mappings goes here.
    Data in this subgroup is stored for troubleshooting purposes mostly.
  fields:
  - name: "@version"
    type: string
    example: TODO
    description: >
      Version of the “com.redhat.viaq” mapping that the normalizer intends the document to adhere to. It must be set by the normalizer.
      The value must correspond to the [_meta][version].
  - name: collector
    type: group
    description: >
      The section contains metadata specific to the collector.
    fields:
    - name: hostname
      type: string
      description: >
        FQDN of the collector. It might be different from the FQDN of the actual emitter of the logs.
    - name: name
      type: string
      description: >
        Name of the collector.
    - name: version
      type: string
      description: >
        Version of the collector.
    - name: ipaddr4
      type: ip
      description: >
        IP address v4 of the collector server, can be an array.
      fields:
      - name: raw
        ignore_above: 256
        type: string
        norms:
          enabled: false
    - name: ipaddr6
      type: string
      description: >
        IP address v6 of the collector server, can be an array.
    - name: inputname
      type: string
      description: >
        How the log message was received on the collector, whether it was TCP/UDP, or maybe imjournal/imfile.
    - name: received_at
      type: date
      format: yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime
      description: >
        Time when the message was received at the collector.
    - name: original_raw_message
      type: string
      index: analyzed
      doc_values: false
      description: >
        The original non-parsed log message, collected by collector or as close to the source as possible.
      fields:
      - name: raw
        type: string
        ignore_above: 256
  - name: normalizer
    type: group
    description: >
      The section contains metadata specific to the normalizer.
    fields:
    - name: hostname
      type: string
      description: >
        FQDN of the normalizer.
    - name: name
      type: string
      description: >
        Name of the normalizer.
    - name: version
      type: string
      description: >
        Version of the normalizer.
    - name: ipaddr4
      type: ip
      description: >
        IP address v4 of the normalizer server, can be an array.
      fields:
      - name: raw
        ignore_above: 256
        type: string
        norms:
          enabled: false
    - name: ipaddr6
      type: string
      description: >
        IP address v6 of the normalizer server, can be an array.
    - name: inputname
      type: string
      description: >
        How the log message was received on the normalizer, whether it was TCP/UDP.
    - name: received_at
      type: date
      format: yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime
      description: >
        Time when the message was received at the collector.
    - name: original_raw_message
      type: string
      index: analyzed
      doc_values: false
      description: >
        The original non-parsed log message as it is received at the normalizer.
      fields:
      - name: raw
        type: string
        ignore_above: 256
  - name: trace
    type: string
    doc_values: false
    index: analyzed
    analyzer: whitespace
    example: "rsyslog,8.16,2016.02.01 logstash,1.5,2016.03.03"
    description: >
      The field records the trace of the message.
      Each collector/normalizer appends information about itself and the date/time when the message was processed.