-
Notifications
You must be signed in to change notification settings - Fork 418
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove either log.original
or event.original
#841
Comments
That bullet point clinches it for me. I think |
cc @ruflin |
+1 for keeping |
If we only keep one, +1 on keeping |
+1 |
+1 event.original |
For me definitely |
Thanks, everyone, for the input here! An RFC proposing the removal of |
Both fields are almost equivalent in nature, and are potentially pretty big.
Distinction between them makes
log.original
sound like a temporary debugging field, whereasevent.original
is the field is meant to capture the original untouched event, used for determining log integrity.I think we should keep only one, with the purpose of capturing the original untouched event, to determine log integrity. I think the other one should go away and be captured in a custom field by data sources that need it.
I've personally been going back & forth which one I think makes the most sense to keep around ultimately. So which one we deprecate for future removal is up for debate. Feedback welcome.
Remove "event.original" and keep "log.original"
Pros
log.*
to be a place for low level details, and I thinklog.original
fits well in that philosophyCons
event.original
, but moves its current definition around tolog.original
log.original
may sound a bit weird to users.Remove "log.original" and keep "event.original"
Pros
event.original
field retains its current definitionevent.original
(to be confirmed), so removinglog.original
would therefore be less painful down the line.Cons
event.*
a place to capture higher level details (often very short fields), and having a big payload in there feels a bit out of place.The text was updated successfully, but these errors were encountered: