monolog_elasticsearch_date_processor
Appends a field to your logs that you can ingest directly into Elasticsearch, with no dissect or parsing magic.
Usage:
In your services file, add it as a Monolog processor. For example, if your service parameters look like this:
parameters:
  monolog.channel_handlers:
    default: ['file']
  monolog.processors: ['message_placeholder', 'current_user', 'request_uri', 'ip', 'referer']
Change it to this:
parameters:
  monolog.channel_handlers:
    default: ['file']
  monolog.processors: ['message_placeholder', 'current_user', 'request_uri', 'ip', 'referer', 'elasticsearch_date']
This gives you an additional field called extra.elasticsearch_date. If you are sending this field directly to Elasticsearch from Filebeat, you can use it like this (example):
processors:
  - timestamp:
      ignore_missing: true
      ignore_failure: true
      field: extra.elasticsearch_date
      timezone: "Europe/Oslo"
      # Layouts use Go's reference time (2006-01-02 15:04:05), not sample values.
      layouts:
        - '2006-01-02T15:04:05Z'
        - '2006-01-02T15:04:05.999Z'
      test:
        - '2019-06-22T16:33:51Z'
        - '2020-06-02T13:20:50.516Z'
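The following Go program is an added example, not code from this module or from Filebeat. It checks a list of timestamp layouts against test values the way the `layouts` and `test` options above are meant to work, on the assumption that Filebeat parses them with Go's time layouts and applies the configured timezone to values that carry no zone. The helper names `parseWithLayouts` and `unparsed` are hypothetical, and the fixed UTC+2 zone is a constructed stand-in for "Europe/Oslo" in summer.

```go
package main

import (
	"fmt"
	"time"
)

// parseWithLayouts tries each layout in order and returns the first
// successful parse together with the layout that matched.
func parseWithLayouts(value string, layouts []string, loc *time.Location) (time.Time, string, error) {
	for _, l := range layouts {
		if ts, err := time.ParseInLocation(l, value, loc); err == nil {
			return ts, l, nil
		}
	}
	return time.Time{}, "", fmt.Errorf("%q matches none of %d layouts", value, len(layouts))
}

// unparsed returns the test values that no layout accepts.
func unparsed(tests, layouts []string, loc *time.Location) []string {
	var bad []string
	for _, v := range tests {
		if _, _, err := parseWithLayouts(v, layouts, loc); err != nil {
			bad = append(bad, v)
		}
	}
	return bad
}

func main() {
	// Test values from the page; the zone is a constructed stand-in for
	// "Europe/Oslo" in summer (UTC+2) so no tz database is needed.
	tests := []string{"2019-06-22T16:33:51Z", "2020-06-02T13:20:50.516Z"}
	oslo := time.FixedZone("CEST", 2*60*60)

	good := []string{"2006-01-02T15:04:05Z", "2006-01-02T15:04:05.999Z"}
	sample := []string{"2020-06-02T13:20:50.516Z"} // a sample value, not a layout

	fmt.Println("unparsed with reference-time layouts:", unparsed(tests, good, oslo))
	fmt.Println("unparsed with sample-as-layout:      ", unparsed(tests, sample, oslo))

	ts, used, _ := parseWithLayouts(tests[1], good, oslo)
	// The trailing Z is a literal in these layouts, so the value is read as
	// local time in loc and shifted when converted to UTC.
	fmt.Println(used, "->", ts.UTC().Format(time.RFC3339Nano))
}
```

The last line shows two things worth checking before relying on the indexed timestamps for correlation: Go accepts fractional seconds after the seconds field even when the layout has none, and a literal `Z` does not mark the value as UTC, so the `timezone` setting decides the resulting instant.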