-
Notifications
You must be signed in to change notification settings - Fork 31
/
pipeline_metadata.yml
137 lines (119 loc) · 3.67 KB
/
pipeline_metadata.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
namespace:
name: pipeline_metadata
type: group
description: >
Metadata related to ViaQ log collection pipeline.
Everything about log collector, normalizers, mappings goes here.
Data in this subgroup is stored for troublehsooting purposes mostly.
fields:
- name: "@version"
type: keyword
example: TODO
description: >
Version of “com.redhat.viaq” mapping the document is intended to adhere by the normalizer. It must be set by the normalizer.
The value must correspond to the [_meta][version].
- name: collector
type: group
description: >
The section contains metadata specific to the collector.
fields:
- name: hostname
type: keyword
description: >
FQDN of the collector. It might be different from the FQDN of the actual emitter of the logs.
- name: name
type: keyword
description: >
Name of the collector.
- name: version
type: keyword
description: >
Version of the collector
- name: ipaddr4
type: ip
description: >
IP address v4 of the collector server, can be an array.
fields:
- name: raw
ignore_above: 256
type: keyword
- name: ipaddr6
type: ip
description: >
IP address v6 of the collector server, can be an array.
- name: inputname
type: keyword
description: >
how the log message was received on the collector whether it was TCP/UDP, or maybe imjournal/imfile.
- name: received_at
type: date
format: yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime
description: >
Time when the message was received at the collector.
- name: original_raw_message
type: text
index: true
doc_values: false
description: >
The original non-parsed log message, collected by collector or as close to the source as possible.
fields:
- name: raw
type: keyword
ignore_above: 256
- name: normalizer
type: group
description: >
The section contains metadata specific to the normalizer.
fields:
- name: hostname
type: keyword
description: >
FQDN of the normalizer.
- name: name
type: keyword
description: >
Name of the normalizer.
- name: version
type: keyword
description: >
Version of the normalizer
- name: ipaddr4
type: ip
description: >
IP address v4 of the normalizer server, can be an array.
fields:
- name: raw
ignore_above: 256
type: keyword
- name: ipaddr6
type: ip
description: >
IP address v6 of the normalizer server, can be an array.
- name: inputname
type: keyword
description: >
how the log message was received on the normalizer whether it was TCP/UDP.
- name: received_at
type: date
format: yyyy-MM-dd'T'HH:mm:ss.SSSSSSZ||yyyy-MM-dd'T'HH:mm:ssZ||dateOptionalTime
description: >
Time when the message was received at the collector.
- name: original_raw_message
type: text
index: true
doc_values: false
description: >
The original non-parsed log message as it is received at the normalizer.
fields:
- name: raw
type: keyword
ignore_above: 256
- name: trace
type: text
doc_values: false
index: true
analyzer: whitespace
example: "rsyslog,8.16,2016.02.01 logstash,1.5,2016.03.03"
description: >
The field records the trace of the message.
Each collector/normalizer appends information about itself and the date/time when the message was processed.