Extended beats scripts to write "better" ES templates.

altenhof · altenhof · commit 3842a9af3b7b · 2016-05-19T13:35:33.000+02:00
We now define explicit mappings for all "knoen" fields and
set "ignore_malformed" to true to avoid field mapping issues
with bogus logs.
diff --git a/cf-java-logging-support-core/beats/app-logs/etc/app-logs.template.json b/cf-java-logging-support-core/beats/app-logs/etc/app-logs.template.json
@@ -18,6 +18,15 @@
         }
       ],
       "properties": {
+        "@message": {
+          "index": "analyzed",
+          "type": "string"
+        },
+        "@timestamp": {
+          "doc_values": true,
+          "ignore_malformed": true,
+          "type": "date"
+        },
         "categories": {
           "doc_values": true,
           "index": "not_analyzed",
@@ -103,17 +112,24 @@
           "index": "not_analyzed",
           "type": "string"
         },
+        "timestamp": {
+          "doc_values": true,
+          "ignore_malformed": true,
+          "type": "long"
+        },
         "type": {
           "doc_values": true,
           "index": "not_analyzed",
           "type": "string"
         },
         "written_at": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "date"
         },
         "written_ts": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "long"
         }
       }
diff --git a/cf-java-logging-support-core/beats/request-metrics/etc/request-metrics.template.json b/cf-java-logging-support-core/beats/request-metrics/etc/request-metrics.template.json
@@ -18,6 +18,15 @@
         }
       ],
       "properties": {
+        "@message": {
+          "index": "analyzed",
+          "type": "string"
+        },
+        "@timestamp": {
+          "doc_values": true,
+          "ignore_malformed": true,
+          "type": "date"
+        },
         "component_id": {
           "doc_values": true,
           "index": "not_analyzed",
@@ -115,14 +124,17 @@
         },
         "request_received_at": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "date"
         },
         "request_sent_at": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "date"
         },
         "request_size_b": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "long"
         },
         "response_content_type": {
@@ -132,22 +144,27 @@
         },
         "response_received_at": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "date"
         },
         "response_sent_at": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "date"
         },
         "response_size_b": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "long"
         },
         "response_status": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "integer"
         },
         "response_time_ms": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "float"
         },
         "space_id": {
@@ -160,17 +177,24 @@
           "index": "not_analyzed",
           "type": "string"
         },
+        "timestamp": {
+          "doc_values": true,
+          "ignore_malformed": true,
+          "type": "long"
+        },
         "type": {
           "doc_values": true,
           "index": "not_analyzed",
           "type": "string"
         },
         "written_at": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "date"
         },
         "written_ts": {
           "doc_values": true,
+          "ignore_malformed": true,
           "type": "long"
         },
         "x_forwarded_for": {
diff --git a/cf-java-logging-support-core/beats/scripts/gen_java_fields.rb b/cf-java-logging-support-core/beats/scripts/gen_java_fields.rb
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
 require 'yaml'
 require 'set'
 require 'pp'
diff --git a/cf-java-logging-support-core/beats/scripts/generate_fields_docs.py b/cf-java-logging-support-core/beats/scripts/generate_fields_docs.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
 import yaml
 import sys
 
diff --git a/cf-java-logging-support-core/beats/scripts/generate_template.py b/cf-java-logging-support-core/beats/scripts/generate_template.py
@@ -67,13 +67,33 @@ def fields_to_es_template(input, output, index):
         }
     }
 
+    # make sure we do have a few "default" fields
     properties = {}
+
     for doc, section in docs.items():
         if doc not in ["version", "defaults", "summary"]:
             prop = fill_section_properties(section, defaults)
             properties.update(prop)
 
     template["mappings"]["_default_"]["properties"] = properties
+    #
+    # Add these two "defaults"
+    # THIS IS SUPER IMPORTANT FOR US, OTHERWISE ES MAY CHOKE 
+    #
+    template["mappings"]["_default_"]["properties"]["@message"] = {
+        "type": "string",
+        "index": "analyzed"
+    }
+    template["mappings"]["_default_"]["properties"]["timestamp"] = {
+        "type": "long",
+        "doc_values": True,
+        "ignore_malformed": True
+    }
+    template["mappings"]["_default_"]["properties"]["@timestamp"] = {
+        "type": "date",
+        "doc_values": True,
+        "ignore_malformed": True
+    }
 
     json.dump(template, output,
               indent=2, separators=(',', ': '),
@@ -124,27 +144,32 @@ def fill_field_properties(field, defaults):
     elif field.get("type") == "date":
         properties[field["name"]] = {
             "type": "date",
-            "doc_values": True
+            "doc_values": True,
+            "ignore_malformed": True
         }
     elif field.get("type") == "long":
         properties[field["name"]] = {
             "type": "long",
-            "doc_values": True
+            "doc_values": True,
+            "ignore_malformed": True
         }
     elif field.get("type") == "integer":
         properties[field["name"]] = {
             "type": "integer",
-            "doc_values": True
+            "doc_values": True,
+            "ignore_malformed": True
         }
     elif field.get("type") == "double":
         properties[field["name"]] = {
             "type": "double",
-            "doc_values": True
+            "doc_values": True,
+            "ignore_malformed": True
         }
     elif field.get("type") == "float":
         properties[field["name"]] = {
             "type": "float",
-            "doc_values": True
+            "doc_values": True,
+            "ignore_malformed": True
         }
     elif field.get("type") == "string":
         properties[field["name"]] = {
diff --git a/cf-java-logging-support-core/beats/scripts/merge_templates.rb b/cf-java-logging-support-core/beats/scripts/merge_templates.rb
@@ -1,3 +1,5 @@
+#!/usr/bin/env ruby 
+
 require 'json'
 
 if ARGV.size < 3

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+#!/usr/bin/env python`
	`2`	`+`
`1`	`3`	`require 'yaml'`
`2`	`4`	`require 'set'`
`3`	`5`	`require 'pp'`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+#!/usr/bin/env python`
	`2`	`+`
`1`	`3`	`import yaml`
`2`	`4`	`import sys`
`3`	`5`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+#!/usr/bin/env ruby`
	`2`	`+`
`1`	`3`	`require 'json'`
`2`	`4`
`3`	`5`	`if ARGV.size < 3`