adding custom fields to gelf output. fixing DateTime conversion on gelf input

Signed-off-by: John E. Vincent <lusis.org+github.com@gmail.com>
2025-04-24 06:37:19 -04:00 · 2011-11-01 11:22:02 -04:00 · 2011-11-01 11:22:02 -04:00 · 56b3202df2
commit 56b3202df2
parent 715de06424
2 changed files with 15 additions and 2 deletions
--- a/lib/logstash/inputs/gelf.rb
+++ b/lib/logstash/inputs/gelf.rb
@ -86,7 +86,7 @@ class LogStash::Inputs::Gelf < LogStash::Inputs::Base
      # when all chunks are completed
      e = to_event(data, source) unless data.nil?
      if e
-        remap_gelf(e) if @remap
+        remap_gelf(e) if @remap 
        output_queue << e
      end
    end
@ -101,7 +101,7 @@ class LogStash::Inputs::Gelf < LogStash::Inputs::Base
  def remap_gelf(event)
    event.message = event.fields["full_message"]
    event.timestamp = LogStash::Time.to_iso8601(
-      DateTime.strptime(event.fields["timestamp"].to_s, "%s.%L" ))
+      DateTime.strptime(event.fields["timestamp"].to_s, "%Q" ))
    event.source = "gelf://#{event.fields["host"]}#{event.fields["file"]}"
  end # def remap_gelf
 end # class LogStash::Inputs::Gelf
--- a/lib/logstash/outputs/gelf.rb
+++ b/lib/logstash/outputs/gelf.rb
@ -38,6 +38,12 @@ class LogStash::Outputs::Gelf < LogStash::Outputs::Base
  # is useful if you need to use a value from the event as the facility name.
  config :facility, :validate => :string, :default => "logstash-gelf"

+  # The GELF custom field mappings. GELF supports arbitrary attributes as custom
+  # fields. This exposes that. Exclude the `_` portion of the field name
+  # e.g. `custom_fields => ['foo_field', 'some_value']
+  # sets `_foo_field` = `some_value`
+  config :custom_fields, :validate => :hash, :default => {}
+
  public
  def register
    require "gelf" # rubygem 'gelf'
@ -97,12 +103,19 @@ class LogStash::Outputs::Gelf < LogStash::Outputs::Base
      end
    end

+    if @custom_fields
+      @custom_fields.each do |field_name, field_value|
+        m["_#{field_name}"] = field_value unless field_name == 'id'
+      end
+    end
+
    # Allow 'INFO' 'I' or number. for 'level'
    level = event.sprintf(@level.to_s)
    m["level"] = (@level_map[level.downcase] || level).to_i
    m["facility"] = event.sprintf(@facility)
    m["timestamp"] = event.unix_timestamp.to_i

+    puts event
    @logger.debug("Sending GELF event", :event => m)
    @gelf.notify!(m)
  end # def receive