From 38ec2ad9823e8c87ce622e0255a9a6a02b2411d0 Mon Sep 17 00:00:00 2001
From: Brian Grabau
Date: Wed, 21 Aug 2024 08:38:59 -0500
Subject: [PATCH] Fixed AWS app improper file field nesting
---
 config/processors/api_aws_app.conf | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/config/processors/api_aws_app.conf b/config/processors/api_aws_app.conf
index 914c67f4..e21b1918 100644
--- a/config/processors/api_aws_app.conf
+++ b/config/processors/api_aws_app.conf
@@ -20,10 +20,10 @@ filter {
 "[log][source][hostname]" => "aws_app"
 }
 }
- # cmd
+ # cmd
 # "[tmp][__monotonic_timestamp]" => "1289776813424"
 # "[tmp][__realtime_timestamp]" => "1704485287095345"
- # "[tmp][_source_monotonic_timestamp]" => "1989560529012"
+ # "[tmp][_source_monotonic_timestamp]" => "1989560529012"
 # "[tmp][_cap_effective]" => "1ffffffffff"
 mutate {
 rename => {
@@ -35,7 +35,7 @@ filter {
 "[tmp][code_file]" => "[process][parent][name]"
 "[tmp][service]" => "[service][name]"
 "[tmp][_gid]" => "[process][pgid]"
- "[tmp][_pid]" => "[process][pid]"
+ "[tmp][_pid]" => "[process][pid]"
 "[tmp][_cmdline]" => "[process][command_line]"
 "[tmp][_uid]" => "[file][uid]"
 "[tmp][_systemd_cgroup]" => "[group][name]"
@@ -86,19 +86,21 @@ filter { "[jtmp][logger_name]" => "[log][logger]" "[jtmp][thread_name]" => "[process][thread][name]" "[jtmp][@timestamp]" => "[event][created]" - "[jtmp][file]" => "[file][name]" - "[jtmp][line]" => "[log][origin][file][line]" "[jtmp][@message]" => "[error][message]" "[jtmp][dd.trace_id]" => "[trace][id]" "[jtmp][dd.service]" => "[service][name]" "[jtmp][dd.span_id]" => "[span][id]" + "[jtmp][file][originalname]" => "[file][name]" + "[jtmp][file][encoding]" => "[file][type]" + "[jtmp][file][mimetype]" => "[file][mime_type]" + "[jtmp][line]" => "[log][origin][file][line]" } - add_tag => [ "%{[jtmp][dd.env]}" ] } + } else { mutate { rename => { - "[tmp][message]" => "[error][message]" + "[tmp][message]" => "[error][message]" } } }
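Review bot: In the third hunk (`@@ -86,19 +86,21 @@`), the added line `"[jtmp][file][encoding]" => "[file][type]"` writes an encoding value into ECS `file.type`, which is meant to hold the kind of filesystem object (file, dir, symlink), so any detection rule or dashboard filtering on `file.type` will see unrelated values. Keeping it out of the ECS field, for example `"[jtmp][file][encoding]" => "[labels][file_encoding]"`, avoids polluting that field. Separately, an event whose `file` is still a plain string (the shape the removed `"[jtmp][file]" => "[file][name]"` line handled) presumably matches none of the new renames, and the value is then dropped when `jtmp` is removed at the end of the filter; if that shape can still arrive, a conditional fallback would preserve it. The `originalname`/`mimetype` keys look like client-supplied upload metadata, so a short comment noting that `[file][name]` and `[file][mime_type]` are unverified would help analysts reading these events. The `rename` block starts above this hunk.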
@@ -119,7 +121,7 @@ filter { } mutate { - remove_field => ["tmp", "jtmp" ] + remove_field => ["tmp", "jtmp" ] } } output {