[Logs UI] Fix some filebeat ECS message formats (elastic#31120)

weltenwort · Feb 21, 2019 · 1d8a318 · 1d8a318
1 parent ca750c5
commit 1d8a318
Show file tree

Hide file tree

Showing 21 changed files with 1,890 additions and 355 deletions.
diff --git a/...lugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_apache2.test.ts b/...lugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_apache2.test.ts
@@ -4,10 +4,10 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { builtinRules } from '.';
 import { compileFormattingRules } from '../message';
-import { filebeatApache2Rules } from './filebeat_apache2';
 
-const { format } = compileFormattingRules(filebeatApache2Rules);
+const { format } = compileFormattingRules(builtinRules);
 
 describe('Filebeat Rules', () => {
   describe('in ECS format', () => {
@@ -45,7 +45,15 @@ describe('Filebeat Rules', () => {
       expect(format(flattenedDocument)).toMatchInlineSnapshot(`
 Array [
   Object {
-    "constant": "[Apache][access] ",
+    "constant": "[",
+  },
+  Object {
+    "field": "event.module",
+    "highlights": Array [],
+    "value": "apache",
+  },
+  Object {
+    "constant": "][access] ",
   },
   Object {
     "field": "source.ip",
@@ -123,7 +131,7 @@ Array [
       expect(format(flattenedDocument)).toMatchInlineSnapshot(`
 Array [
   Object {
-    "constant": "[Apache][",
+    "constant": "[apache][",
   },
   Object {
     "field": "log.level",
@@ -159,7 +167,7 @@ Array [
       expect(format(flattenedDocument)).toMatchInlineSnapshot(`
 Array [
   Object {
-    "constant": "[Apache][access] ",
+    "constant": "[apache][access] ",
   },
   Object {
     "field": "apache2.access.remote_ip",
@@ -228,7 +236,7 @@ Array [
       expect(format(flattenedDocument)).toMatchInlineSnapshot(`
 Array [
   Object {
-    "constant": "[Apache][",
+    "constant": "[apache][",
   },
   Object {
     "field": "apache2.error.level",

diff --git a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_apache2.ts b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_apache2.ts
@@ -5,66 +5,14 @@
  */
 
 export const filebeatApache2Rules = [
-  {
-    // ECS
-    when: {
-      values: {
-        'event.dataset': 'apache.access',
-      },
-    },
-    format: [
-      {
-        constant: '[Apache][access] ',
-      },
-      {
-        field: 'source.ip',
-      },
-      {
-        constant: ' ',
-      },
-      {
-        field: 'user.name',
-      },
-      {
-        constant: ' "',
-      },
-      {
-        field: 'http.request.method',
-      },
-      {
-        constant: ' ',
-      },
-      {
-        field: 'url.original',
-      },
-      {
-        constant: ' HTTP/',
-      },
-      {
-        field: 'http.version',
-      },
-      {
-        constant: '" ',
-      },
-      {
-        field: 'http.response.status_code',
-      },
-      {
-        constant: ' ',
-      },
-      {
-        field: 'http.response.body.bytes',
-      },
-    ],
-  },
   {
     // pre-ECS
     when: {
       exists: ['apache2.access'],
     },
     format: [
       {
-        constant: '[Apache][access] ',
+        constant: '[apache][access] ',
       },
       {
         field: 'apache2.access.remote_ip',
@@ -116,7 +64,7 @@ export const filebeatApache2Rules = [
     },
     format: [
       {
-        constant: '[Apache][',
+        constant: '[apache][',
       },
       {
         field: 'log.level',
@@ -136,7 +84,7 @@ export const filebeatApache2Rules = [
     },
     format: [
       {
-        constant: '[Apache][',
+        constant: '[apache][',
       },
       {
         field: 'apache2.error.level',