João Duarte
The [delimiter setting](https://www.elastic.co/guide/en/logstash/current/plugins-codecs-cef.html#plugins-codecs-cef-delimiter) was introduced to make cef decoding possible on byte stream inputs like the TCP input. Without a delimiter it's impossible to guarantee that each write containing a...
While this option was introduced in https://github.com/logstash-plugins/logstash-codec-cef/commit/442d42da8bdf3e7214c9d2a277a6d6fd895bcf35#diff-60997264fb4df8acacfb3987dc3049a5R81, it was never documented
otherwise throw exception/tag as parse failure. See more context in https://github.com/logstash-plugins/logstash-codec-cef/pull/26#pullrequestreview-3551244 CEF specification: https://www.protect724.hpe.com/servlet/JiveServlet/downloadBody/1072-102-9-20354/CommonEventFormatv23.pdf
This codec is in a privileged position to avoid the creation of huge events from arbitrarily large JSON documents. Although the string itself has been allocated, if this codec had a...
migrated from https://github.com/elastic/logstash/issues/7191 ----------- Hello, I'm configuring logstash for parsing some csv files. I wanted to use the convert option from the CSV filter as in https://www.elastic.co/guide/en/logstash/current/plugins-filters-csv.html#plugins-filters-csv-convert - Version: 5.4.0...
Currently two integration tests against ES 8.0.0 SNAPSHOT fail: ``` 1) LogStash::Filters::Elasticsearch should enhance the current event with new data Failure/Error: es.index(params) Elasticsearch::Transport::Transport::Errors::BadRequest: [400] {"error":"no handler found for uri [/logs/doc]...
Elasticsearch provides an [_msearch endpoint](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-multi-search.html) to perform multiple searches in a single round trip. Since the filters have both a `filter(event)` and a `multi_filter(events)` ([link](https://github.com/elastic/logstash/blob/master/logstash-core/lib/logstash/filters/base.rb#L157)) API, we could ensure that...
Currently it is possible to use `:regex => true` to treat dictionary keys as regexp, but it would be nice to have the opposite: use contents of `source` as regexp that will...