Spool to disk not working with time.Time fields

[andrewkroh]

I noticed this problem with beats that produce event.start and event.end which are time.Time values. The same thing happens with Filebeat's netflow input which also produces these fields.

See how event.start and event.end are {}.

$ ./packetbeat -c packetbeat.queue.yml -I tests/system/pcaps/dns_google_com.pcap 
{
  "@timestamp": "2019-01-16T04:53:31.637Z",
  "@metadata": {
    "beat": "packetbeat",
    "type": "_doc",
    "version": "7.0.0"
  },
  "event": {
    "start": {},
    "end": {},
    "dataset": "dns",
    "duration": 66221937
  },
  "type": "dns"
}

packetbeat.interfaces.device: any
packetbeat.shutdown_timeout: 2s
packetbeat.protocols:
- type: dns
  ports: [53]

queue.spool.size: 10 MiB

output.console.pretty: true

processors:
  - include_fields:
      fields: event

If spooling is disabled the problem goes away.

$ ./packetbeat -c packetbeat.queue.yml -I tests/system/pcaps/dns_google_com.pcap -E queue.spool.enabled=false
{
  "@timestamp": "2019-01-16T04:56:33.861Z",
  "@metadata": {
    "beat": "packetbeat",
    "type": "_doc",
    "version": "7.0.0"
  },
  "event": {
    "dataset": "dns",
    "duration": 66212229,
    "start": "2019-01-16T04:56:33.861Z",
    "end": "2019-01-16T04:56:33.927Z"
  },
  "type": "dns"
}

[andrewkroh]

Reopening because this needs a unit test to prevent a regression.