filebeat/input/journald: fix field name translation #30167

belimawr · 2022-02-02T18:19:14Z

What does this PR do?

The field names from journald were not being translated to our format
when sending the event to the output. This commit fixes it.

Why is it important?

It fixes the Journald event format

Checklist

My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
~~[ ] I have made corresponding changes to the documentation~~
~~[ ] I have made corresponding change to the default configuration files~~
I have added tests that prove my fix is effective or that my feature works
I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

~~## Author's Checklist~~

How to test this PR locally

Run Filebeat with the journald input and check that the event fields are translated as stated on our documentation

From the filebeat folder, you can use this yaml as configuration. It points to a journal used on unit tests with a handful of events

filebeat.inputs:
- type: journald
  enabled: true
  paths: ["input/journald/testdata/input-multiline-parser.journal"]
  save_remote_hostname: true

output.console:
  codec.json:
    pretty: true
  
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded

Related issues

Fixes [Filebeat] Journald event format changed #30031

~~## Use cases~~
~~## Screenshots~~
~~## Logs~~

The field names from journald were not being translated to our format when sending the event to the output. This commit fixes it. Fixes 30031

mergify · 2022-02-02T18:20:43Z

This pull request does not have a backport label. Could you fix it @belimawr? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

elasticmachine · 2022-02-02T18:24:28Z

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

elasticmachine · 2022-02-02T20:04:15Z

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

Reason: null
Start Time: 2022-02-03T10:21:59.490+0000
Duration: 103 min 33 sec
Commit: 2e7a8e9

Test stats 🧪

Test	Results
Failed	0
Passed	9638
Skipped	1289
Total	10927

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

/test : Re-trigger the build.
/package : Generate the packages and run the E2E tests.
/beats-tester : Run the installation tests with beats-tester.
run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

CHANGELOG.next.asciidoc

filebeat/input/journald/input.go

belimawr · 2022-02-03T10:23:08Z

@andrewkroh I addressed your comments on 2e7a8e9

kvch

WFG

The field names from journald were not being translated to our format when sending the event to the output. This commit fixes it. Fixes 30031 (cherry picked from commit cc634f1) # Conflicts: # filebeat/input/journald/input.go # filebeat/input/journald/input_filtering_test.go

The field names from journald were not being translated to our format when sending the event to the output. This commit fixes it. Fixes 30031 (cherry picked from commit cc634f1) # Conflicts: # filebeat/input/journald/input_filtering_test.go

The field names from journald were not being translated to our format when sending the event to the output. This commit fixes it. Fixes 30031 (cherry picked from commit cc634f1)

The field names from journald were not being translated to our format when sending the event to the output. This commit fixes it. Fixes 30031 (cherry picked from commit cc634f1) Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>

…ation (#30287) * filebeat/input/journald: fix field name translation (#30167) The field names from journald were not being translated to our format when sending the event to the output. This commit fixes it. Fixes 30031 (cherry picked from commit cc634f1) # Conflicts: # filebeat/input/journald/input_filtering_test.go Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>

botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 2, 2022

filebeat/input/journald: fix field name translation

4e1232e

The field names from journald were not being translated to our format when sending the event to the output. This commit fixes it. Fixes 30031

belimawr force-pushed the fix_journald_translation branch from de13977 to 4e1232e Compare February 2, 2022 18:20

mergify bot added the backport-skip Skip notification from the automated backport with mergify label Feb 2, 2022

belimawr added backport-7.17 Automated backport to the 7.17 branch with mergify backport-v8.0.0 Automated backport with mergify backport-v8.1.0 Automated backport with mergify Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team labels Feb 2, 2022

botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Feb 2, 2022

belimawr requested a review from kvch February 2, 2022 18:23

belimawr added the review label Feb 2, 2022

mergify bot removed the backport-skip Skip notification from the automated backport with mergify label Feb 2, 2022

belimawr marked this pull request as ready for review February 2, 2022 18:24

belimawr added the bug label Feb 2, 2022

belimawr mentioned this pull request Feb 2, 2022

[Filebeat] Journald event format changed #30031

Closed

andrewkroh reviewed Feb 2, 2022

View reviewed changes

CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved

filebeat/input/journald/input.go Outdated Show resolved Hide resolved

PR improvements

2e7a8e9

kvch approved these changes Feb 3, 2022

View reviewed changes

andrewkroh approved these changes Feb 3, 2022

View reviewed changes

belimawr merged commit cc634f1 into elastic:main Feb 8, 2022

belimawr deleted the fix_journald_translation branch February 8, 2022 19:08

mergify bot mentioned this pull request Feb 8, 2022

[7.17](backport #30167) filebeat/input/journald: fix field name translation #30286

Closed

mergify bot mentioned this pull request Feb 8, 2022

[8.0](backport #30167) filebeat/input/journald: fix field name translation #30287

Merged

mergify bot mentioned this pull request Feb 8, 2022

[8.1](backport #30167) filebeat/input/journald: fix field name translation #30288

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

filebeat/input/journald: fix field name translation #30167

filebeat/input/journald: fix field name translation #30167

belimawr commented Feb 2, 2022 •

edited

Loading

mergify bot commented Feb 2, 2022

elasticmachine commented Feb 2, 2022

elasticmachine commented Feb 2, 2022 •

edited by jenkins-beats-ci bot

Loading

Build stats

Test stats 🧪

belimawr commented Feb 3, 2022

kvch left a comment

filebeat/input/journald: fix field name translation #30167

filebeat/input/journald: fix field name translation #30167

Conversation

belimawr commented Feb 2, 2022 • edited Loading

What does this PR do?

Why is it important?

Checklist

How to test this PR locally

Related issues

mergify bot commented Feb 2, 2022

elasticmachine commented Feb 2, 2022

elasticmachine commented Feb 2, 2022 • edited by jenkins-beats-ci bot Loading

💚 Build Succeeded

Build stats

Test stats 🧪

💚 Flaky test report

🤖 GitHub comments

belimawr commented Feb 3, 2022

kvch left a comment

Choose a reason for hiding this comment

belimawr commented Feb 2, 2022 •

edited

Loading

elasticmachine commented Feb 2, 2022 •

edited by jenkins-beats-ci bot

Loading