Paste P10521

Logging fields transformation to ecs

Authored by fgiunchedi on Feb 25 2020, 6:07 PM.
# Draft mapping from existing log field names (`fields`, a single name or a
# list of aliases) to a target field name (`schema`). Going by the paste title
# the target is ECS; `standard: false` presumably marks targets that are not
# part of the standard schema -- confirm.
# NOTE(review): as pasted, `schema:` / `standard:` sit at the same column as the
# `- fields:` item they belong to; the nesting indentation has to be restored
# before this parses as a YAML list of mappings.
- fields: 'type'
schema: 'service.type'
# NOTE(review): if a producer-supplied `timestamp` can replace `@timestamp`,
# event time is whatever the sender claims. For timeline work keep the ingest
# time in a separate field (ECS has `event.ingested`) -- confirm the pipeline does.
- fields: ['timestamp', '@timestamp']
schema: '@timestamp'
# Two aliases, one target: precedence when a record carries both is not defined here.
- fields: ['message', 'msg']
schema: 'message'
- fields: tags
schema: tags
# NOTE(review): `message` is already a plain-value target (entry above). Nesting
# `message.normalized` under it makes `message` both a value and a parent;
# Elasticsearch-style mappings reject that unless it is declared as a
# multi-field -- confirm against the target index template.
- fields: normalized_message
schema: message.normalized
standard: false
- fields: level
schema: log.level
# `host.name` is also the target of the `server` and `hostname` entries further
# down; decide which one wins when a record has more than one.
- fields: host
schema: host.name
- fields: program
schema: process.name
- fields: logsource
schema: log.source
standard: false
- fields: facility
schema: log.syslog.facility.name
- fields: severity
schema: log.syslog.severity.name
# Request / client related mappings.
# NOTE(review): full URLs can carry tokens or other secrets in the query string;
# check whether scrubbing happens before this field is indexed.
- fields: url
schema: url.original
# NOTE(review): four aliases here plus the separate `c_ip` entry below all land
# in `client.ip`; precedence is undefined. `ip` is a generic name -- verify it
# always means the client address. ECS types `client.ip` as an IP, so values
# that are not a single valid address (e.g. a forwarded-for list) would need
# handling first. If any alias is derived from a request header it is
# client-supplied -- confirm the origin of each.
- fields: [ip, clientIP, http.client_ip, client_ip]
schema: client.ip
- fields: [http_method, request.method, http.method, req_method]
schema: http.request.method
- fields: channel
schema: mw.channel
standard: false
- fields: wiki
schema: mw.wiki
standard: false
- fields: phpversion
schema: mw.phpversion
standard: false
- fields: ReqId
schema: transaction.id
# Second source for `host.name` (see `host` above and `hostname` below).
- fields: server
schema: host.name
- fields: shard
schema: mw.shard
standard: false
- fields: mwversion
schema: mw.version
standard: false
- fields: unique_id
schema: trace.id
# NOTE(review): presumably a privacy marker on the record -- confirm that
# whatever consumes it (index routing, access control) reads the renamed field.
- fields: private
schema: mw.private
standard: false
# Same target as the alias list above; could be folded into that list.
- fields: c_ip
schema: client.ip
# `referrer` and `referer` share a target; the other multi-alias entries use a
# single list for this.
- fields: referrer
schema: http.request.referrer
- fields: referer
schema: http.request.referrer
# `client.user.name` is also the target of the generic `name` and `user`
# entries further down; this is personal data, so retention/access rules for
# the target field apply to all three sources.
- fields: username
schema: client.user.name
- fields: feature
schema: mw.feature
standard: false
# `user_agent.original` is also the target of the `user-agent` entry further down.
- fields: [agent, clientAgent]
schema: user_agent.original
# NOTE(review): wildcard rename. If `ua_*` is the output of a user-agent parser
# it presumably includes browser name/version/device keys as well as OS keys,
# and all of them would end up under `user_agent.os.` -- verify the key set.
- fields: ua_*
schema: user_agent.os.*
# Logger, code-origin and application-specific (`mw.*`) mappings.
- fields: logger_name
schema: log.logger
# NOTE(review): `trace.id` is the target of `unique_id` elsewhere in this list,
# so `trace` becomes an object holding both. If `trace` carries stack traces,
# ECS already has `error.stack_trace` for that -- confirm which is intended.
- fields: trace
schema: trace.full
standard: false
- fields: varname
schema: mw.varname
standard: false
- fields: filter
schema: mw.filter
standard: false
# NOTE(review): `name` is generic; verify every producer uses it for a user
# name before mapping it to `client.user.name`, otherwise unrelated values get
# attributed to users in searches and alerts.
- fields: name
schema: client.user.name
# NOTE(review): generic name; confirm what producers put in `key` before it is
# indexed as-is.
- fields: key
schema: mw.key
standard: false
# NOTE(review): `process.pid` is numeric in ECS and is also the target of `pid`
# further down; verify `process` is a PID and not a process name.
- fields: process
schema: process.pid
- fields: module
schema: mw.module
standard: false
# `pathname` and `filename` share one target; precedence is undefined when both
# are present.
- fields: pathname
schema: log.origin.file.name
- fields: filename
schema: log.origin.file.name
# NOTE(review): generic `method` may be a code method rather than an HTTP verb
# for some producers (ECS has `log.origin.function` for the former) -- verify.
- fields: method
schema: http.request.method
- fields: source
schema: mw.source
standard: false
# Third source for `user_agent.original` (see the `agent` / `clientAgent` entry).
- fields: user-agent
schema: user_agent.original
- fields: user_id
schema: client.user.id
# NOTE(review): CSP reports are submitted by browsers, so both keys and values
# are untrusted input. A wildcard rename lets arbitrary sub-keys create new
# index fields; prefer an explicit list of expected keys, or cap the field
# count on the target index.
- fields: csp-report*
schema: mw.csp.*
standard: false
# Network / packet-log style mappings.
- fields: action
schema: event.action
# NOTE(review): ECS uses `network.transport` for tcp/udp/icmp and
# `network.type` (mapped from `ip_protocol` below) for ipv4/ipv6; verify the
# source values match, otherwise protocol-based detections silently miss.
- fields: protocol
schema: network.transport
- fields: ttl
schema: network.ttl
standard: false
- fields: source_port
schema: source.port
- fields: source_ip
schema: source.ip
# NOTE(review): `source.bytes` in ECS is bytes sent from source to destination;
# if `len` is a per-packet length this overstates what the field means --
# confirm.
- fields: len
schema: source.bytes
- fields: ip_protocol
schema: network.type
# The trailing `?` is part of the value as written, i.e. the target is
# undecided. ECS has `observer.ingress.interface.name` for an ingress
# interface -- a possible candidate, to be confirmed.
- fields: in_interface
schema: network.interface ?
standard: false
# Undecided target (trailing `?`); resolve before a consumer creates a field
# literally named with the question mark.
- fields: ethertype
schema: network.ethertype ?
standard: false
# NOTE(review): ECS constrains `network.direction` to a fixed vocabulary
# (inbound/outbound/...); verify producer values or normalise them.
- fields: direction
schema: network.direction
- fields: destination_ip
schema: destination.ip
# Source name is `dest_port` while its sibling is `destination_ip`; presumably
# that is how the producer spells them -- verify it is not a typo.
- fields: dest_port
schema: destination.port
# Remaining mappings, including the entries whose target is still open.
- fields: thread_name
schema: process.thread.name
# Target undecided (`?`) and no `standard` key; a consumer must skip or reject
# this entry rather than rename to a literal `?`.
- fields: level_value
schema: ?
# Third source for `host.name` (see `host` and `server` earlier in the list).
- fields: hostname
schema: host.name
# Target undecided; the value is a free-text note, not a field name. A leading
# `? ` is YAML's explicit-key indicator, so this line likely needs quoting or
# moving into a comment before the file parses.
- fields: time
schema: ? overloaded between mw parse time and e.g. kubernetes logs
- fields: title
schema: mw.title
standard: false
# NOTE(review): if `query` holds user-entered search or SQL text it can contain
# personal data -- confirm retention/access for the target field.
- fields: query
schema: mw.query
standard: false
- fields: trigger
schema: mw.trigger
standard: false
- fields: ns
schema: mw.namespace
standard: false
- fields: measure
schema: mw.measure
standard: false
- fields: max
schema: mw.max
standard: false
- fields: by
schema: mw.by
standard: false
- fields: actual
schema: mw.actual
standard: false
# The next two targets and `mw.levelPath` below use mixed case while the other
# `mw.*` targets are lower-case; field names are case-sensitive in the index,
# so pick one convention.
- fields: modelid
schema: mw.modelID
standard: false
- fields: differenceengine
schema: mw.DifferenceEngine
standard: false
- fields: stream
schema: mw.stream
standard: false
# Third source for `client.user.name` (see `username` and `name` earlier).
- fields: user
schema: client.user.name
# Same target as the `process` entry earlier in the list.
- fields: pid
schema: process.pid
- fields: levelpath
schema: mw.levelPath
standard: false
# Identity mappings: source and target names are the same, flagged non-standard.
- fields: metadata.filename
schema: metadata.filename
standard: false
- fields: metadata.fileoffset
schema: metadata.fileoffset
standard: false