Added support for RFC5424 structured data #67
Conversation
tsaarni
force-pushed
the
structured-data
branch
from
6873a43 to
622b522
Compare
There was a problem hiding this comment.
Instead of using nil ad default value you could simply let undefined the default value, in that case the fields already gets nil value. nil values needs nil checks, I think that in this cas you could define as empty string ("") the default value, and no nil check is needed.
I've used sd = @structured_data.nil? ? "-" : event.sprintf(@structured_data)If you think this optimization is not required and it is ok to call formatting for each event regardless, then I can set default to |
|
You can check for empty string and use as default value the empty string. Empty string is a good practice to say "no value" which is more meaningful then |
|
Fixed! |
docs/index.asciidoc
Outdated
| RFC5424 structured data is a string of one or more structured data elements, including brackets. | ||
| The elements need to be formatted according to link:https://datatracker.ietf.org/doc/html/rfc5424#section-6.3[RFC5424 section 6.3], for example: | ||
|
|
||
| [source,ruby] |
There was a problem hiding this comment.
This is not Ruby code, so no need for that highlighting:
| [source,ruby] | |
| ["source",subs="attributes"] |
There was a problem hiding this comment.
Just to double-check: "source" should be in quotes?
I'm not that familiar with asciidoc and I did not see it used that way before. The doc did not seem to explicitly mention quoted element attributes.
There was a problem hiding this comment.
If I recall correctly is indifferent, but looking the logstash-input-beats doc, the double quotes is used.
CHANGELOG.md
Outdated
| @@ -1,3 +1,6 @@ | |||
| ## Unreleased | |||
| - Added support for RFC5424 structured data. | |||
There was a problem hiding this comment.
Please add a reference to this PR:
| - Added support for RFC5424 structured data. | |
| - Added support for RFC5424 structured data. [#67](https://github.com/logstash-plugins/logstash-output-syslog/pull/67) |
|
@tsaarni please rebase this PR to the main, so that it can grab the test fixes please 🙏 |
|
We keep all these syslog updates under the |
Signed-off-by: Tero Saarni <[email protected]>
Signed-off-by: Tero Saarni <[email protected]>
Signed-off-by: Tero Saarni <[email protected]>
tsaarni
force-pushed
the
structured-data
branch
from
2a85555 to
ab1431b
Compare
* Added support for RFC5424 structured data Signed-off-by: Tero Saarni <[email protected]>
This PR adds support for RFC5424 structured data.
The is the same feature as submitted in #1 but since the author did not sign CLA, the implementation is new and not based on the same work.
Note that the tests do not pass until #51 is fixed, for example by applying
#55 which was never merged#68.Part of elastic/logstash#15236