Code clean up; syslog_timestamp support

richard-li-sp · richard-li-sp · commit f7eca3cebb8a · 2017-06-19T23:11:01.000-05:00
diff --git a/README.md b/README.md
@@ -16,10 +16,11 @@ elasticsearch.
 * If *@timestamp* field already exists, it will ensure the format is correct
   by parse and convert to format '%Y-%m-%dT%H:%M:%S%z'.
 
-* If a field named *timestamp* exists, it will parse that field and conver it to
-  format '%Y-%m-%dT%H:%M:%S%z' then store it in *@timestamp* field.
+* If a field named *timestamp* or *time* or *syslog_timestamp* exists, it will
+  parse that field and conver it to format '%Y-%m-%dT%H:%M:%S%z' then store it
+  in *@timestamp* field.
 
-* If neither of the above field exists, it will insert current time in
+* If none of the above field exists, it will insert current time in
   '%Y-%m-%dT%H:%M:%S%z' format as the *@timestamp* field.
 
 ## Usage
diff --git a/fluent-plugin-elasticsearch-timestamp-check.gemspec b/fluent-plugin-elasticsearch-timestamp-check.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-elasticsearch-timestamp-check"
-  spec.version       = "0.2.1"
+  spec.version       = "0.2.3"
   spec.authors       = ["Richard Li"]
   spec.email         = ["evilcat@wisewolfsolutions.com"]
   spec.description   = %q{fluent filter plugin to ensure @timestamp is in proper format}
diff --git a/lib/fluent/plugin/filter_elasticsearch_timestamp_check.rb b/lib/fluent/plugin/filter_elasticsearch_timestamp_check.rb
@@ -18,32 +18,24 @@ def shutdown
     end
 
     def filter(tag, time, record)
-      timestamps = [ record['@timestamp'], record['timestamp'], record['time'] ]
-      valid = false
-      timestamps.each do |timestamp|
+      %w{@timestamp timestamp time syslog_timestamp}.map do |field|
+        record[field]
+      end.compact.each do |timestamp|
         begin
-          if timestamp then
-            DateTime.parse(timestamp)
-            valid = timestamp
-            break
-          end
+          record['@timestamp'] = record['fluent_converted_timestamp'] =
+            DateTime.parse(timestamp).strftime('%Y-%m-%dT%H:%M:%S.%L%z')
+          $log.debug("Timestamp parsed: #{record['@timestamp']}")
+          break
         rescue ArgumentError
-          next
         end
       end
 
-      if valid
-        record['@timestamp'] =
-          DateTime.parse(valid).strftime('%Y-%m-%dT%H:%M:%S.%L%z')
-        record['fluent_converted_timestamp'] =
-          DateTime.parse(valid).strftime('%Y-%m-%dT%H:%M:%S.%L%z')
-        $log.debug("Timestamp parsed: #{record['@timestamp']}")
-      else
-        record['@timestamp'] = Time.now.strftime('%Y-%m-%dT%H:%M:%S.%L%z')
-        record['fluent_added_timestamp'] =
+      unless record['fluent_converted_timestamp']
+        record['@timestamp'] = record['fluent_added_timestamp'] =
           Time.now.strftime('%Y-%m-%dT%H:%M:%S.%L%z')
         $log.debug("Timestamp added: #{record['@timestamp']}")
       end
+
       record
     end
   end
