Generator overwriting host field

[stevehedrick]

Currently in the Generator Input if you use lines, and pass in a preformatted line, complete with a host field, the generator input will overwrite the line's value for host with the host of the system it's running on.

Example:

input {
  generator {
    lines => [
      '{"@timestamp":"2017-08-09T17:34:47.654Z","@version":"1","host":"192.168.1.2","message":"<134> 08/09/2017:17:34:47 GMT 0-PPE-0 : default API CMD_EXECUTED 738025 0 :  User someone - Remote_ip 192.168.1.1 - Command \"stat aaa\" - Status \"Success\"","tags":["syslog"]}',
    ]
    codec => "json"
    count => 1
  }
}

output {
  stdout {
    codec => rubydebug
  }
}

Expected output would include:

"host" => "192.168.1.2"

Actual output would be:

"host" => "$myhostname"

Where $myhostname is the hostname of the machine running logstash.

We use the generator input to test our logstash configs against actual data pulled out from our kafka topics. We do this instead of reading from the topics to prevent issues with the occasional badly formed log entry, and to allow us to test the values of fields because we know what the output should look like.

In most cases we can just ignore the hostname, as it's not one of the fields we use for anything, but I've been working with some inputs from a syslog server lately, and that host field is frequently the only way we have to identify which server it came from (since Citrix doesn't follow RFC 3164 very well).

Would it be possible at least on the lines input type to check if there is a host field already set and not clobber it?

[jsvd]

++ this makes sense. seems like a simple change in https://github.com/logstash-plugins/logstash-input-generator/blob/master/lib/logstash/inputs/generator.rb#L69

Do you mind opening a PR with this change and a simple test like this one?