Mpdreamz
commented
11 months ago The agent fieldset is documented as:
The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host.
https://www.elastic.co/guide/en/ecs/current/ecs-agent.html
In that regard, Elastic.CommonSchema.Serilog is the agent that observes the logs.
We could potentially only include DefaultAgent when one of the datashippers is used to send data, need to mull over that idea a bit.
ECS integration/library project(s) (e.g. Elastic.CommonSchema.Serilog): all logging framework integrations, 8.6.1
Hi, I wanted to ask, what is the goal of
DefaultAgent? When I read description ofagentfield, it doesn't sound to me likeElastic.CommonSchema.*package is an agent.Problem is that when log are later shipped by Filebeat, it adds some of its values, and whole
agent.*field looks like a mixture of different values from different sources:These fields look consistent like when log entries in the file originally do not have
agent.*fields:(It might be also the question that is worth asking Filebeat devs why not all fields get overwritten by Filebeat, upd: https://discuss.elastic.co/t/filebeat-7-17-6-does-not-overwrite-agent-type-and-agent-version-if-they-are-already-present/344521)
P.S. Sorry for the wrong label, Github suggests only templates for bugs and features.