ES mapping for GELF input data not correct (user fields)

Description

Dear all,

I've checked the new version, today. Many thanks for that excellent work. It fixes a lot.

By checking the new mappings for GELF data as an input, I found an issue with the field names. GELF differentiate between standard (manadatory) fileds an so called user fields. Die difference is quite simple to see in my example below:

{
"version": "1.0",
"host": "localhost",
"short_message": "Tue Jul 23 21:16:05.112 [initandlisten] ...",
"full_message": "Tue Jul 23 21:16:05.112 [initandlisten] ...",
"timestamp": 1291899928.412,
"level": 2,
"facility": "MongoDB",
"file": "C:\lx\mongodb\logs\mongodb.log",
"line": -1,
"_user_1": "my value 1",
"_user_2": "my value 2",
...
}

All user fields start with an underscore.

The new mapping introduced with version 1.2.0 remaps all GELF field >>without<< an underscore for user fields. It would be very helpful if the naming convention for GELF is used for logstash as well.

Many thanks for help,
regards

Juergen Adams

Status

Assignee

Logstash Developers

Reporter

Juergen Adams

Affects versions

Configure