Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Field decorations #54

Open
wants to merge 14 commits into
base: 5.0
Choose a base branch
from
Open

Field decorations #54

wants to merge 14 commits into from

Conversation

daghb
Copy link
Contributor

@daghb daghb commented Feb 7, 2017

Added support for regex-based decoration of output, meaning you can replace string elements from all fields with your own links, visualizations et cetera.

Clickable host names and source fields are now based on default/included field decorations in logtrail.json.

@daghb daghb changed the title 5.0 Field decorations Feb 7, 2017
@daghb
Copy link
Contributor Author

daghb commented Feb 7, 2017
edited
Loading

I have a few examples on how this may be used. Where should I put these, README?

@daghb
Copy link
Contributor Author

daghb commented Feb 7, 2017
edited
Loading

To help understanding field_decorations:

Example 1: Logged GUID in a message should supply a link showing other log entries containing the same GUID (Added a general onPatternClick in Angular for this use). Before use, replace [log-name] with the actual name of the log.

{
  "field": "message",
  "pattern": "/([0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12})/g",
  "replace": "<a ng-click=\"onPatternClick('&quot;$1&quot;', '[log-name]')\">$1</a>"
}

Example 2: Clicking the timestamp field should open the entire elasticsearch log record. Replace the fields [elasticserver], [elasticport], [index] and [type] with actual values

{
  "field": "display_timestamp",
  "pattern": "/(.*)/",
  "replace": "<span><a target=\"es\" href=\"http://[elasticserver]:[elasticport]/[index]/[type]/_search?pretty=true&q=_id:{{event.id}}\">$1</a></span>"
}

@sivasamyk
Copy link
Owner

Thanks for the changes. Will review the changes.

@sivasamyk
Copy link
Owner

Following are my initial comments

  1. Instead of providing an option for the user to directly replace the pattern with HTML, can we provide an option to like onClick? (Agreed the above option of replace with provide more flexibility to the user, but onClick will prevent user from thinking about HTML format etc). We can have both the options (replace and onClick). I will try to add onClick field to conf, which will just take the pattern to to be searched.
  2. The default action for onClick will be to search for the pattern in the respective field.
  3. With this option we kind of have clickable patterns in event log.
  4. Cosmetic: Looks like the tab size is different in your editor. There are lots of white space diff.

@daghb
Copy link
Contributor Author

daghb commented Feb 24, 2017
edited
Loading

  1. Sure can, but we don't have the time for this yet. Time frame within two weeks is okay for us if it is okay for you
  2. OK
  3. OK
  4. Will fix tabs. I use a diff tool where I can ignore tab settings, I guess that's why I didn't recognize the diff

@daghb
Copy link
Contributor Author

daghb commented Apr 4, 2017
edited
Loading

Hi @sivasamyk: I've been looking into the details of 1.-3. but am afraid I will need some clarifications - especially on number 1. Do you have an example, perhaps?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@daghb @sivasamyk