Skip to content

Commit

Permalink
[Logs UI] Add event.original fallback to message reconstruction rul…
Browse files Browse the repository at this point in the history 
…es (#102236)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
  • Loading branch information
@weltenwort @kibanamachine
weltenwort and kibanamachine committed Jun 18, 2021
1 parent e518865 commit ee1710c
Show file tree
Hide file tree
Showing 2 changed files with 94 additions and 33 deletions.
54 changes: 54 additions & 0 deletions x-pack/plugins/infra/server/services/log_entries/message/builtin_rules/generic.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -186,4 +186,58 @@ describe('Generic Rules', () => {
`);
});
});

describe('event.original fallback', () => {
test('includes the event.dataset if present', () => {
const flattenedDocument = {
'@timestamp': ['2016-12-26T16:22:13.000Z'],
'event.dataset': ['generic.test'],
'event.original': ['TEST_MESSAGE'],
};

expect(format(flattenedDocument, {})).toMatchInlineSnapshot(`
Array [
Object {
"constant": "[",
},
Object {
"field": "event.dataset",
"highlights": Array [],
"value": Array [
"generic.test",
],
},
Object {
"constant": "] ",
},
Object {
"field": "event.original",
"highlights": Array [],
"value": Array [
"TEST_MESSAGE",
],
},
]
`);
});

test('includes the original message', () => {
const flattenedDocument = {
'@timestamp': ['2016-12-26T16:22:13.000Z'],
'event.original': ['TEST_MESSAGE'],
};

expect(format(flattenedDocument, {})).toMatchInlineSnapshot(`
Array [
Object {
"field": "event.original",
"highlights": Array [],
"value": Array [
"TEST_MESSAGE",
],
},
]
`);
});
});
});
73 changes: 40 additions & 33 deletions x-pack/plugins/infra/server/services/log_entries/message/builtin_rules/generic.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,40 +8,15 @@
import { LogMessageFormattingRule } from '../rule_types';

const BUILTIN_GENERIC_MESSAGE_FIELDS = ['message', '@message'];
const BUILTIN_FALLBACK_MESSAGE_FIELDS = ['log.original', 'event.original'];

export const getGenericRules = (genericMessageFields: string[]) => [
...Array.from(new Set([...genericMessageFields, ...BUILTIN_GENERIC_MESSAGE_FIELDS])).reduce<
LogMessageFormattingRule[]
>((genericRules, fieldName) => [...genericRules, ...createGenericRulesForField(fieldName)], []),
{
when: {
exists: ['event.dataset', 'log.original'],
},
format: [
{
constant: '[',
},
{
field: 'event.dataset',
},
{
constant: '] ',
},
{
field: 'log.original',
},
],
},
{
when: {
exists: ['log.original'],
},
format: [
{
field: 'log.original',
},
],
},
export const getGenericRules = (genericMessageFields: string[]): LogMessageFormattingRule[] => [
...Array.from(new Set([...genericMessageFields, ...BUILTIN_GENERIC_MESSAGE_FIELDS])).flatMap(
createGenericRulesForField
),
...BUILTIN_FALLBACK_MESSAGE_FIELDS.filter(
(fieldName) => !genericMessageFields.includes(fieldName)
).flatMap(createFallbackRulesForField),
];

const createGenericRulesForField = (fieldName: string) => [
Expand Down Expand Up @@ -172,3 +147,35 @@ const createGenericRulesForField = (fieldName: string) => [
],
},
];

const createFallbackRulesForField = (fieldName: string) => [
{
when: {
exists: ['event.dataset', fieldName],
},
format: [
{
constant: '[',
},
{
field: 'event.dataset',
},
{
constant: '] ',
},
{
field: fieldName,
},
],
},
{
when: {
exists: [fieldName],
},
format: [
{
field: fieldName,
},
],
},
];

0 comments on commit ee1710c

Please sign in to comment.