How to load / process fields.yml #50325
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,128 @@ | ||||||
| /* | ||||||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||||||
| * or more contributor license agreements. Licensed under the Elastic License; | ||||||
| * you may not use this file except in compliance with the Elastic License. | ||||||
| */ | ||||||
|
|
||||||
| import { readFileSync } from 'fs'; | ||||||
| import { safeLoad } from 'js-yaml'; | ||||||
|
|
||||||
| // This should become a copy of https://github.com/elastic/beats/blob/d9a4c9c240a9820fab15002592e5bb6db318543b/libbeat/mapping/field.go#L39 | ||||||
| export interface Field { | ||||||
| keyword: string; | ||||||
| type: string; | ||||||
| required: boolean; | ||||||
| description: string; | ||||||
| fields: Field[]; | ||||||
| } | ||||||
|
|
||||||
| test('test reading fields.yml', () => { | ||||||
| const yaml = readFileSync(path.join(__dirname, '/tests/fields.yml')); | ||||||
| const data = safeLoad(yaml.toString()); | ||||||
|
|
||||||
| console.log(keyword()); | ||||||
| data.forEach(data => { | ||||||
| console.log(data as Field); | ||||||
|
There was a problem hiding this comment.
|
||||||
| }); | ||||||
| expect(1 + 2).toStrictEqual(3); | ||||||
| }); | ||||||
|
|
||||||
| function getDefaultProperties() { | ||||||
| // TODO: do be extended with https://github.com/elastic/beats/blob/d9a4c9c240a9820fab15002592e5bb6db318543b/libbeat/template/processor.go#L364 | ||||||
| // Currently no defaults exist | ||||||
| return {}; | ||||||
| } | ||||||
|
|
||||||
| function keyword() { | ||||||
| const property = getDefaultProperties(); | ||||||
|
There was a problem hiding this comment. Another option is
Suggested change
There was a problem hiding this comment. There will be quite a few more fields which will be added to the properties object but with if / else conditions. So I wonder if it is discouraged in There was a problem hiding this comment. One situation where this is necessary is if you type the object (in TypeScript) and the properties are mandatory. Then |
||||||
|
|
||||||
| property.type = 'keyword'; | ||||||
|
|
||||||
| return property; | ||||||
| } | ||||||
|
|
||||||
| function getBaseTemplate() { | ||||||
|
There was a problem hiding this comment. @skh Our base elasticsearch template. Putting all these things for now but I'm aware it will not end up in the tests. |
||||||
| return { | ||||||
| // We need to decide which order we use for the templates | ||||||
| order: 1, | ||||||
| // To be completed with the correct index patterns | ||||||
| index_patterns: ['logs-nginx-access-abcd-*'], | ||||||
| settings: { | ||||||
| index: { | ||||||
| // ILM Policy must be added here | ||||||
| lifecycle: { | ||||||
| name: 'logs-default', | ||||||
| rollover_alias: 'logs-nginx-access-abcd', | ||||||
| }, | ||||||
| // What should be our default for the compression? | ||||||
| codec: 'best_compression', | ||||||
| // W | ||||||
| mapping: { | ||||||
| total_fields: { | ||||||
| limit: '10000', | ||||||
| }, | ||||||
| }, | ||||||
| // This is the default from Beats? So far seems to be a good value | ||||||
| refresh_interval: '5s', | ||||||
| // Default in the stack now, still good to have it in | ||||||
| number_of_shards: '1', | ||||||
| // All the default fields which should be queried have to be added here. | ||||||
| // So far we add all keyword and text fields here. | ||||||
| query: { | ||||||
| default_field: ['message'], | ||||||
| }, | ||||||
| // We are setting 30 because it can be devided by several numbers. Useful when shrinking. | ||||||
| number_of_routing_shards: '30', | ||||||
| }, | ||||||
| }, | ||||||
| mappings: { | ||||||
| // To be filled with interesting information about this specific index | ||||||
| _meta: { | ||||||
| package: 'foo', | ||||||
| }, | ||||||
| // All the dynamic field mappings | ||||||
| dynamic_templates: [ | ||||||
| // This makes sure all mappings are keywords by default | ||||||
| { | ||||||
| strings_as_keyword: { | ||||||
| mapping: { | ||||||
| ignore_above: 1024, | ||||||
| type: 'keyword', | ||||||
| }, | ||||||
| match_mapping_type: 'string', | ||||||
| }, | ||||||
| }, | ||||||
| // Example of a dynamic template | ||||||
| { | ||||||
| labels: { | ||||||
| path_match: 'labels.*', | ||||||
| mapping: { | ||||||
| type: 'keyword', | ||||||
| }, | ||||||
| match_mapping_type: 'string', | ||||||
| }, | ||||||
| }, | ||||||
| ], | ||||||
| // As we define fields ahead, we don't need any automatic field detection | ||||||
| // This makes sure all the fields are mapped to keyword by default to prevent mapping conflicts | ||||||
| date_detection: false, | ||||||
| // All the properties we know from the fields.yml file | ||||||
| properties: { | ||||||
| container: { | ||||||
| properties: { | ||||||
| image: { | ||||||
| properties: { | ||||||
| name: { | ||||||
| ignore_above: 1024, | ||||||
| type: 'keyword', | ||||||
| }, | ||||||
| }, | ||||||
| }, | ||||||
| }, | ||||||
| }, | ||||||
| }, | ||||||
| }, | ||||||
| // To be filled with the aliases that we need | ||||||
| aliases: {}, | ||||||
| }; | ||||||
| } | ||||||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| - name: log.file.path | ||
| type: keyword | ||
| required: false | ||
| description: > | ||
| The file from which the line was read. This field contains the absolute path to the file. | ||
| For example: `/var/log/system.log`. | ||
| - name: log.source.address | ||
| type: keyword | ||
| required: false | ||
| description: > | ||
| Source address from which the log event was read / sent from. | ||
| - name: log.offset | ||
| type: long | ||
| required: false | ||
| description: > | ||
| The file offset the reported line starts at. | ||
| - name: stream | ||
| type: keyword | ||
| required: false | ||
| description: > | ||
| Log stream when reading container logs, can be 'stdout' or 'stderr' |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this work? I'd do
data.forEach(item => {...}), i.e. name the argument to the callback different from the object youforEachover, if only for readability.