Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 20:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed a bug with messed up time value passing to elasticsearch.

Browse source
This commit is contained in:
Seth Hall 2012-06-18 01:31:52 -04:00
parent cb7eac212e
commit 52ceee8c86
1 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/logging/writers/ElasticSearch.cc
View file

@ -106,9 +106,19 @@ bool ElasticSearch::AddFieldValueToBuffer(Value* val, const Field* field)
break;
case TYPE_TIME:
// ElasticSearch uses milliseconds for timestamps
buffer.Add((uint64_t) (val->val.double_val * 1000));
{
// ElasticSearch uses milliseconds for timestamps and json only
// supports signed ints (uints can be too large).
uint64_t ts = (uint64_t) (val->val.double_val * 1000);
if ( ts >= INT64_MAX )
{
Error(Fmt("time value too large: %" PRIu64, ts));
buffer.AddRaw("null", 4);
}
else
buffer.Add(ts);
break;
}
case TYPE_ENUM:
case TYPE_STRING:
@ -261,7 +271,7 @@ CURL* ElasticSearch::HTTPSetup()
// HTTP 1.1 likes to use chunked encoded transfers, which aren't good for speed. The best (only?) way to disable that is to
// just use HTTP 1.0
//curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
return handle;
}