From 305da0248d7ce6223e211b0bdefbdddc1f959c27 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 11 Mar 2014 15:48:10 +0100 Subject: [PATCH] eve-files: file -> fileinfo Due to what appears to be an issue in logstash, the 'file' part of the file event types was masked by a field that logstash-forwarder added itself. Since logstash-forwarder is an important part of the logstash stack, this patch works around the issue by renaming our 'file' structure to 'fileinfo', thus resolving the naming conflict. Bug #1127 --- src/output-json-file.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/output-json-file.c b/src/output-json-file.c index 2b46cfef23..4f637b248b 100644 --- a/src/output-json-file.c +++ b/src/output-json-file.c @@ -231,9 +231,10 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F (ff->flags & FILE_STORED) ? json_true() : json_false()); json_object_set_new(fjs, "size", json_integer(ff->size)); - json_object_set_new(js, "file", fjs); + /* originally just 'file', but due to bug 1127 naming it fileinfo */ + json_object_set_new(js, "fileinfo", fjs); OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, buffer); - json_object_del(js, "file"); + json_object_del(js, "fileinfo"); json_object_del(js, "http"); json_object_clear(js); -- 2.47.3