This would allow dynamic management of fields to be appended. Particularly useful with inter-pipeline communication.
Config Mockup:
input {
heartbeat {
add_field => {
"[@metadata][cef_extensions]" => {}
"[rt]" => "%{+s}"
}
}
}
filter {
mutate {
copy => {
"[counter]" => "[@metadata][cef_extensions][counter]"
}
}
}
output {
stdout {
codec => cef {
extensions_from => "[@metadata][cef_extensions]"
fields => ["[rt]"]
[...]
}
}
}
Example Output
CEF:0|SomeVendor|SomeProduct|0.0.1|msg|Message|6|counter=1 rt=1557255119000
CEF:0|SomeVendor|SomeProduct|0.0.1|msg|Message|6|counter=2 rt=1557255179000
CEF:0|SomeVendor|SomeProduct|0.0.1|msg|Message|6|counter=3 rt=1557255209000
+tag: enhancement
This would allow dynamic management of fields to be appended. Particularly useful with inter-pipeline communication.
Config Mockup:
Example Output
+tag: enhancement