Skip to content

Commit 2d52bb1

Browse files
DonaldChung-HKDonaldChung-HK
committed
updated filebeat 7.x schema to fix #1728: remove deprecated keys; added processors: dns, dissect, decode_json_fields, convert; add docker log support; add secomp config
1 parent 097d030 commit 2d52bb1

File tree

1 file changed

+92
-5
lines changed

1 file changed

+92
-5
lines changed

ncm-metaconfig/src/main/metaconfig/beats/pan/schema_7.0.pan

Lines changed: 92 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,14 @@ type beats_logging = {
150150
'level' ? choice('critical', 'error', 'warning', 'info', 'debug')
151151
};
152152

153+
154+
@documentation{
155+
Secomp settings for RHEL with Linux >3.16
156+
(see https://www.elastic.co/guide/en/beats/filebeat/7.10/linux-seccomp.html)
157+
}
158+
type beats_seccomp = {
159+
'default_action' : choice('errno', 'trace', 'trap', 'kill_thread', 'kill_process', 'log', 'allow')
160+
};
153161
@documenation{
154162
Shared components for each beats service
155163
}
@@ -163,24 +171,96 @@ type beats_service = {
163171
'topology_expire' ? long(0..)
164172
'geoip' ? beats_shipper_geoip
165173
'seccomp.enabled' ? boolean
174+
'seccomp' ? beats_seccomp
166175
};
167176

168177
@documentation{
169178
Handle logmessages spread over multiple lines
170179
}
171180
type beats_filebeat_input_multiline = {
172-
'pattern' ? string_trimmed
181+
'pattern' ? string
173182
'negate' ? boolean
174183
'match' ? choice('after', 'before')
175184
'max_lines' ? long(0..)
176185
'timeout' ? long(0..)
186+
'maxlines' ? long(0..)
187+
'close_inactive' ? string_trimmed
188+
'close_eof' ? boolean
189+
};
190+
@documentation{
191+
Handle logs from Docker containers
192+
}
193+
type beats_filebeat_input_docker_containers = {
194+
'ids' ? string
195+
'path' ? string
196+
'stream' ? string with match(SELF, '^(all|stdout|stderr)$')
177197
};
178198

199+
@documentation{
200+
Handle logs processors pipeline for dissect processors
201+
}
202+
type beats_filebeat_input_processors_dissect = {
203+
'tokenizer' ? string
204+
'field' ? string
205+
'target_prefix' ? string
206+
};
207+
208+
@documentation{
209+
Handle logs processors pipeline for decode_json_fields processors
210+
}
211+
type beats_filebeat_input_processors_decode_json_fields = {
212+
'fields' ? string[]
213+
'process_array' ? boolean
214+
'max_depth' ? long(0..)
215+
'target' ? string
216+
'overwrite_keys' ? boolean
217+
};
218+
219+
@documentation{
220+
Handle target fields for logs processors pipeline of convert processors
221+
}
222+
type beats_filebeat_input_processors_convert_fields = {
223+
'from' ? string
224+
'to' ? string
225+
'type' ? choice(
226+
'integer',
227+
'long',
228+
'float',
229+
'double',
230+
'string',
231+
'boolean',
232+
'ip'
233+
)
234+
};
235+
236+
@documentation{
237+
Handle logs processors pipeline for convert processors
238+
}
239+
type beats_filebeat_input_processors_convert = {
240+
'fields' ? beats_filebeat_input_processors_convert_fields[]
241+
'ignore_missing' ? boolean
242+
'fail_on_error' ? boolean
243+
'tag' ? string
244+
'mode' ? choice(
245+
'copy',
246+
'rename'
247+
)
248+
};
249+
250+
@documentation{
251+
Handle logs processors pipeline
252+
}
253+
type beats_filebeat_input_processors = {
254+
'dissect' ? beats_filebeat_input_processors_dissect
255+
'decode_json_fields' ? beats_filebeat_input_processors_decode_json_fields
256+
'convert' ? beats_filebeat_input_processors_convert
257+
};
179258
@documentation{
180259
Configure a input (source of certain class of data, can come multiple paths)
181260
}
182261
type beats_filebeat_input = {
183262
'paths' : absolute_file_path[]
263+
'containers' ? beats_filebeat_input_docker_containers
184264
'encoding' ? choice(
185265
'big5',
186266
'euc-jp',
@@ -196,7 +276,7 @@ type beats_filebeat_input = {
196276
'utf-16le',
197277
'utf-8'
198278
)
199-
'type' ? choice('log', 'stdin')
279+
'type' ? choice('log', 'stdin', 'docker')
200280
'exclude_lines' ? string_trimmed[]
201281
'include_lines' ? string_trimmed[]
202282
'exclude_files' ? absolute_file_path[]
@@ -212,16 +292,23 @@ type beats_filebeat_input = {
212292
'max_backoff' ? long(0..)
213293
'backoff_factor' ? long(0..)
214294
'enabled' ? boolean
295+
'processors' ? beats_filebeat_input_processors[]
296+
};
297+
298+
@documentation{
299+
Filebeat registry path configuration
300+
}
301+
type beats_filebeat_filebeat_registry = {
302+
'path' : absolute_file_path
215303
};
216304

217305
@documentation{
218306
Filebeat configuration
219307
}
220308
type beats_filebeat_filebeat = {
221309
'inputs' : beats_filebeat_input[]
222-
'prospectors' : beats_filebeat_input[]
223-
'registry_file' ? absolute_file_path
224310
'config_dir' ? absolute_file_path
311+
'registry' ? beats_filebeat_filebeat_registry
225312
};
226313

227314
@documentation{
@@ -283,4 +370,4 @@ type beats_topbeat_input = {
283370
type beats_topbeat_service = {
284371
include beats_service
285372
'input' : beats_topbeat_input
286-
};
373+
};

0 commit comments

Comments
 (0)