class LogStash::Inputs::BeatsSupport::DecodedEventTransform

Take the extracted content from the codec, merged with the other data coming from beats, apply the configured tags, normalize the host and try to coerce the timestamp if it was provided in the hash.

Public Instance Methods

transform(event, hash) click to toggle source
Calls superclass method
# File lib/logstash/inputs/beats_support/decoded_event_transform.rb, line 8
def transform(event, hash)
  ts = coerce_ts(hash.delete("@timestamp"))

  event.set("@timestamp", ts) unless ts.nil?
  hash.each { |k, v| event.set(k, v) }
  super(event)
  event.tag("beats_input_codec_#{codec_name}_applied")
  event
end

Private Instance Methods

coerce_ts(ts) click to toggle source
# File lib/logstash/inputs/beats_support/decoded_event_transform.rb, line 19
def coerce_ts(ts)
  return nil if ts.nil?
  timestamp = LogStash::Timestamp.coerce(ts)

  return timestamp if timestamp

  @logger.warn("Unrecognized @timestamp value, setting current time to @timestamp",
               :value => ts.inspect)
  return nil
rescue LogStash::TimestampParserError => e
  @logger.warn("Error parsing @timestamp string, setting current time to @timestamp",
               :value => ts.inspect, :exception => e.message)
  return nil
end