logstash-codec-cef Add support for providing CEF Extensions as a map while encoding.

Add support for providing CEF Extensions as a map while encoding.

Open Laikulo opened this issue 5 years ago • 0 comments

This would allow dynamic management of fields to be appended. Particularly useful with inter-pipeline communication.

Config Mockup:

input {
  heartbeat {
    add_field => {
      "[@metadata][cef_extensions]" => {}
      "[rt]" => "%{+s}"
    }
  }
}

filter {
  mutate {
    copy => {
      "[counter]" => "[@metadata][cef_extensions][counter]"
    }
  }
}

output {
  stdout {
    codec => cef {
      extensions_from => "[@metadata][cef_extensions]"
      fields => ["[rt]"]
      [...]
    }
  }
}

Example Output

CEF:0|SomeVendor|SomeProduct|0.0.1|msg|Message|6|counter=1 rt=1557255119000
CEF:0|SomeVendor|SomeProduct|0.0.1|msg|Message|6|counter=2 rt=1557255179000
CEF:0|SomeVendor|SomeProduct|0.0.1|msg|Message|6|counter=3 rt=1557255209000

+tag: enhancement

May 07 '19 21:05 Laikulo

logstash-codec-cef logstash-codec-cef copied to clipboard

Add support for providing CEF Extensions as a map while encoding.

logstash-codec-cef
logstash-codec-cef copied to clipboard