class LogStash::Inputs::BeatsSupport::DecodedEventTransform
Take the extracted content from the codec, merged with the other data coming from beats, apply the configured tags, normalize the host and try to coerce the timestamp if it was provided in the hash.
Public Instance Methods
transform(event, hash)
click to toggle source
Calls superclass method
# File lib/logstash/inputs/beats_support/decoded_event_transform.rb, line 8 def transform(event, hash) ts = coerce_ts(hash.delete("@timestamp")) event.set("@timestamp", ts) unless ts.nil? hash.each { |k, v| event.set(k, v) } super(event) event.tag("beats_input_codec_#{codec_name}_applied") event end
Private Instance Methods
coerce_ts(ts)
click to toggle source
# File lib/logstash/inputs/beats_support/decoded_event_transform.rb, line 19 def coerce_ts(ts) return nil if ts.nil? timestamp = LogStash::Timestamp.coerce(ts) return timestamp if timestamp @logger.warn("Unrecognized @timestamp value, setting current time to @timestamp", :value => ts.inspect) return nil rescue LogStash::TimestampParserError => e @logger.warn("Error parsing @timestamp string, setting current time to @timestamp", :value => ts.inspect, :exception => e.message) return nil end