[Infra UI] Update format of System and Redis log lines to match new format (#28415) (#28686)

* Updates to format * Uppercasing Syslog * Change prefixes for syslog to system Co-Authored-By: simianhacker <chris@chriscowan.us> * Change prefixes for syslog to system Co-Authored-By: simianhacker <chris@chriscowan.us> * Change prefixes for syslog to system Co-Authored-By: simianhacker <chris@chriscowan.us> * Change prefixes for syslog to system Co-Authored-By: simianhacker <chris@chriscowan.us>
2025-04-23 17:28:26 -04:00 · 2019-01-22 11:06:43 -07:00 · 2019-01-22 11:06:43 -07:00 · cf5681ab91
commit cf5681ab91
parent bfe91b382f
2 changed files with 28 additions and 4 deletions
--- a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_redis.ts
+++ b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_redis.ts
@ -11,10 +11,16 @@ export const filebeatRedisRules = [
    },
    format: [
      {
-        constant: 'redis',
+        constant: '[Redis]',
      },
      {
-        constant: ' ',
+        constant: '[',
+      },
+      {
+        field: 'redis.log.level',
+      },
+      {
+        constant: '] ',
      },
      {
        field: 'redis.log.message',
--- a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_system.ts
+++ b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_system.ts
@ -10,6 +10,15 @@ export const filebeatSystemRules = [
      exists: ['system.syslog.message'],
    },
    format: [
+      {
+        constant: '[System][syslog] ',
+      },
+      {
+        field: 'system.syslog.program',
+      },
+      {
+        constant: ' - ',
+      },
      {
        field: 'system.syslog.message',
      },
@ -20,6 +29,15 @@ export const filebeatSystemRules = [
      exists: ['system.auth.message'],
    },
    format: [
+      {
+        constant: '[System][auth] ',
+      },
+      {
+        field: 'system.syslog.program',
+      },
+      {
+        constant: ' - ',
+      },
      {
        field: 'system.auth.message',
      },
@ -31,7 +49,7 @@ export const filebeatSystemRules = [
    },
    format: [
      {
-        constant: 'ssh',
+        constant: '[System][auth][ssh]',
      },
      {
        constant: ' ',
@ -59,7 +77,7 @@ export const filebeatSystemRules = [
    },
    format: [
      {
-        constant: 'ssh',
+        constant: '[System][auth][ssh]',
      },
      {
        constant: ' Dropped connection from ',