def get_value_and_input_into_ecs_dict(self, ecs_dict):
new_ecs_dict = {}
ecs_keys = self.logconfig['ecs']
for ecs_key in ecs_keys:
original_keys = self.logconfig[ecs_key]
if isinstance(original_keys, str):
v = utils.value_from_nesteddict_by_dottedkeylist(
self.__logdata_dict, original_keys)
if isinstance(v, str):
v = utils.validate_ip(v, ecs_key)
if v:
new_ecs_dict = utils.put_value_into_nesteddict(ecs_key, v)
elif isinstance(original_keys, list):
temp_list = []
for original_key_list in original_keys:
v = utils.value_from_nesteddict_by_dottedkeylist(
self.__logdata_dict, original_key_list)
if isinstance(v, str):
v = utils.validate_ip(v, ecs_key)
if v:
temp_list.append(v)
elif isinstance(v, list):
for i in v:
each_v = utils.validate_ip(i, ecs_key)
if each_v:
temp_list.append(each_v)
if temp_list:
new_ecs_dict = utils.put_value_into_nesteddict(
ecs_key, sorted(list(set(temp_list))))
if new_ecs_dict:
new_ecs_dict = utils.merge_dicts(ecs_dict, new_ecs_dict)
return ecs_dict
def transform_to_ecs(self):
ecs_dict = {'ecs': {'version': self.logconfig['ecs_version']}}
if self.logconfig['cloud_provider']:
ecs_dict['cloud'] = {'provider': self.logconfig['cloud_provider']}
ecs_keys = self.logconfig['ecs'].split()
for ecs_key in ecs_keys:
original_keys = self.logconfig[ecs_key]
v = utils.value_from_nesteddict_by_dottedkeylist(
self.__logdata_dict, original_keys)
if v:
new_ecs_dict = utils.put_value_into_nesteddict(ecs_key, v)
if '.ip' in ecs_key:
# IPアドレスの場合は、validation
try:
ipaddress.ip_address(v)
except ValueError:
continue
ecs_dict = utils.merge_dicts(ecs_dict, new_ecs_dict)
if 'cloud' in ecs_dict:
# Set AWS Account ID
if ('account' in ecs_dict['cloud']
and 'id' in ecs_dict['cloud']['account']):
if ecs_dict['cloud']['account']['id'] in ('unknown', ):
# for vpcflowlogs
ecs_dict['cloud']['account'] = {'id': self.accountid}
elif self.accountid:
ecs_dict['cloud']['account'] = {'id': self.accountid}
else:
ecs_dict['cloud']['account'] = {'id': 'unknown'}
# Set AWS Region
if 'region' in ecs_dict['cloud']:
pass
elif self.region:
ecs_dict['cloud']['region'] = self.region
else:
ecs_dict['cloud']['region'] = 'unknown'
# get info from firelens metadata of Elastic Container Serivce
if 'ecs_task_arn' in self.__logdata_dict:
ecs_task_arn_taple = self.__logdata_dict['ecs_task_arn'].split(':')
ecs_dict['cloud']['account']['id'] = ecs_task_arn_taple[4]
ecs_dict['cloud']['region'] = ecs_task_arn_taple[3]
if 'ec2_instance_id' in self.__logdata_dict:
ecs_dict['cloud']['instance'] = {
'id': self.__logdata_dict['ec2_instance_id']
}
ecs_dict['container'] = {
'id': self.__logdata_dict['container_id'],
'name': self.__logdata_dict['container_name']
}
static_ecs_keys = self.logconfig['static_ecs']
if static_ecs_keys:
for static_ecs_key in static_ecs_keys.split():
new_ecs_dict = utils.put_value_into_nesteddict(
static_ecs_key, self.logconfig[static_ecs_key])
ecs_dict = utils.merge_dicts(ecs_dict, new_ecs_dict)
self.__logdata_dict = utils.merge_dicts(self.__logdata_dict, ecs_dict)
def clean_multi_type_field(self):
clean_multi_type_dict = {}
multifield_keys = self.logconfig['json_to_text'].split()
for multifield_key in multifield_keys:
v = utils.value_from_nesteddict_by_dottedkey(
self.__logdata_dict, multifield_key)
if v:
# json obj in json obj
if isinstance(v, int):
new_dict = utils.put_value_into_nesteddict(
multifield_key, v)
elif '{' in v:
new_dict = utils.put_value_into_nesteddict(
multifield_key, repr(v))
else:
new_dict = utils.put_value_into_nesteddict(
multifield_key, str(v))
clean_multi_type_dict = utils.merge_dicts(
clean_multi_type_dict, new_dict)
self.__logdata_dict = utils.merge_dicts(self.__logdata_dict,
clean_multi_type_dict)
def transform_to_ecs(self):
ecs_dict = {'ecs': {'version': self.logconfig['ecs_version']}}
if self.logconfig['cloud_provider']:
ecs_dict['cloud'] = {'provider': self.logconfig['cloud_provider']}
ecs_dict = self.get_value_and_input_into_ecs_dict(ecs_dict)
if 'cloud' in ecs_dict:
# Set AWS Account ID
if ('account' in ecs_dict['cloud']
and 'id' in ecs_dict['cloud']['account']):
if ecs_dict['cloud']['account']['id'] in ('unknown', ):
# for vpcflowlogs
ecs_dict['cloud']['account'] = {'id': self.accountid}
elif self.accountid:
ecs_dict['cloud']['account'] = {'id': self.accountid}
else:
ecs_dict['cloud']['account'] = {'id': 'unknown'}
# Set AWS Region
if 'region' in ecs_dict['cloud']:
pass
elif self.region:
ecs_dict['cloud']['region'] = self.region
else:
ecs_dict['cloud']['region'] = 'unknown'
# get info from firelens metadata of Elastic Container Serivce
if 'ecs_task_arn' in self.logmeta:
ecs_task_arn_taple = self.logmeta['ecs_task_arn'].split(':')
ecs_dict['cloud']['account']['id'] = ecs_task_arn_taple[4]
ecs_dict['cloud']['region'] = ecs_task_arn_taple[3]
if 'ec2_instance_id' in self.logmeta:
ecs_dict['cloud']['instance'] = {
'id': self.logmeta['ec2_instance_id']}
ecs_dict['container'] = {
'id': self.logmeta['container_id'],
'name': self.logmeta['container_name']}
if '__error_message' in self.logmeta:
self.__logdata_dict['error'] = {
'message': self.logmeta['__error_message']}
del self.logmeta['__error_message']
static_ecs_keys = self.logconfig['static_ecs']
for static_ecs_key in static_ecs_keys:
v = copy.copy(self.logconfig[static_ecs_key])
new_ecs_dict = utils.put_value_into_nesteddict(static_ecs_key, v)
ecs_dict = utils.merge_dicts(ecs_dict, new_ecs_dict)
self.__logdata_dict = utils.merge_dicts(self.__logdata_dict, ecs_dict)