Elastic's 'common schema' support?
dragonpaw opened this issue
Elastic.co has a 'common schema' (ECS) that they encourage, and it would be nice if jl understood that format.
Spec: https://www.elastic.co/guide/en/ecs/current/index.html
Sample line:
{
"service": { "name": "gunicorn" },
"@timestamp": "2020-10-23T03:35:49.324754+00:00",
"message": "10.244.1.180 - - [23/Oct/2020:03:35:49 +0000] \"GET /users/users/notices/ HTTP/1.1\" 200 4942 \"http://localhost:4200/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.80 Safari/537.36\"",
"time": 1603424149.3247535,
"log": {
"level": "INFO",
"logger": "gunicorn.access",
"origin": {
"file": { "line": 570, "name": "/app/ticketing/utils/log.py" },
"function": "access"
}
},
"process": {
"pid": 17,
"name": "MainProcess",
"thread": { "name": "MainThread", "id": 140056871733056 }
},
"request": {
"scheme": "https",
"path": "/users/users/notices/",
"method": "GET",
"customer": "test",
"view": {
"args": [],
"app": "users",
"namespace": "users",
"name": "users:user-notices"
}
},
"customer": "test",
"event": { "duration": 78518000 },
"http": {
"request": { "method": "GET", "referrer": "http://localhost:4200/" },
"response": { "body": { "bytes": 4942 }, "status_code": "200" },
"version": "1.1"
},
"related": { "ip": ["10.244.1.180"] },
"source": { "address": "10.244.1.180" },
"url": { "path": "/users/users/notices/", "query": "" },
"user_agent": {
"original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.80 Safari/537.36"
}
}