From d2796da076f90a445d229599c3e878232637c21d Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 23 Oct 2024 09:03:04 -0400 Subject: [PATCH] Setprocess.name on syslog journald (#41354) This PR adds the missing process.name field to System module, Syslog fileset --- filebeat/module/system/syslog/ingest/journald.yml | 6 +++++- .../system/syslog/test/debian-12.journal-expected.json | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/filebeat/module/system/syslog/ingest/journald.yml b/filebeat/module/system/syslog/ingest/journald.yml index 68400c8f507..30952e96aea 100644 --- a/filebeat/module/system/syslog/ingest/journald.yml +++ b/filebeat/module/system/syslog/ingest/journald.yml @@ -5,7 +5,11 @@ processors: copy_from: _ingest.timestamp - set: field: "process.pid" - value: '{{ journald.pid }}' + value: "{{ journald.pid }}" +- set: + field: "process.name" + value: "{{ journald.process.name }}" + ignore_failure: true - set: field: event.kind value: event diff --git a/filebeat/module/system/syslog/test/debian-12.journal-expected.json b/filebeat/module/system/syslog/test/debian-12.journal-expected.json index 3e9b606be26..294550fb2db 100644 --- a/filebeat/module/system/syslog/test/debian-12.journal-expected.json +++ b/filebeat/module/system/syslog/test/debian-12.journal-expected.json @@ -16,6 +16,7 @@ ], "process.args_count": 1, "process.command_line": "/sbin/init", + "process.name": "systemd", "process.pid": "1", "related.hosts": [ "vagrant-debian-12" @@ -36,6 +37,7 @@ "log.syslog.facility.code": 0, "log.syslog.priority": 6, "message": "Console: switching to colour frame buffer device 160x50", + "process.name": "", "process.pid": "", "related.hosts": [ "vagrant-debian-12" @@ -54,6 +56,7 @@ "log.syslog.facility.code": 0, "log.syslog.priority": 6, "message": "thermal_sys: Registered thermal governor 'power_allocator'", + "process.name": "", "process.pid": "", "related.hosts": [ "bookworm"