From cc740f9554ed7345760353d7aa812a55b3a9c353 Mon Sep 17 00:00:00 2001 From: Bharat Pasupula <123897612+bhapas@users.noreply.github.com> Date: Mon, 24 Jul 2023 22:34:48 +0200 Subject: [PATCH 1/7] x-pack/filebeat/input/awss3 ; Fix nil hit panic when a getter is invoked on input metric (#36101) --- CHANGELOG.next.asciidoc | 1 + .../docs/inputs/input-aws-s3.asciidoc | 2 +- x-pack/filebeat/input/awss3/input.go | 38 +++++++++++++------ .../input/awss3/input_integration_test.go | 6 +-- x-pack/filebeat/input/awss3/metrics.go | 16 ++------ x-pack/filebeat/input/awss3/metrics_test.go | 32 ++++++++++++++++ x-pack/filebeat/input/awss3/sqs.go | 1 + 7 files changed, 68 insertions(+), 28 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 14021299b72..f3e9a396e47 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -151,6 +151,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Fix handling of NUL-terminated log lines in Fortinet Firewall module. {issue}36026[36026] {pull}36027[36027] - Make redact field configuration recommended in CEL input and log warning if missing. {pull}36008[36008] - Fix handling of region name configuration in awss3 input {pull}36034[36034] +- Fix panic when sqs input metrics getter is invoked {pull}36101[36101] {issue}36077[36077] - Make CEL input's `now` global variable static for evaluation lifetime. {pull}36107[36107] *Heartbeat* diff --git a/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc b/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc index 1df7f4bb341..794a51de081 100644 --- a/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc @@ -797,7 +797,7 @@ observe the activity of the input. | `sqs_messages_inflight_gauge` | Number of SQS messages inflight (gauge). | `sqs_messages_returned_total` | Number of SQS message returned to queue (happens on errors implicitly after visibility timeout passes). | `sqs_messages_deleted_total` | Number of SQS messages deleted. -| `sqs_messages_waiting_gauge` | Number of SQS messages waiting in the SQS queue (gauge). The value is refreshed every minute via data from GetQueueAttributes. +| `sqs_messages_waiting_gauge` | Number of SQS messages waiting in the SQS queue (gauge). The value is refreshed every minute via data from https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_GetQueueAttributes.html. A value of `-1` indicates the metric is uninitialized or could not be collected due to an error. | `sqs_worker_utilization` | Rate of SQS worker utilization over previous 5 seconds. 0 indicates idle, 1 indicates all workers utilized. | `sqs_message_processing_time` | Histogram of the elapsed SQS processing times in nanoseconds (time of receipt to time of delete/return). | `sqs_lag_time` | Histogram of the difference between the SQS SentTimestamp attribute and the time when the SQS message was received expressed in nanoseconds. diff --git a/x-pack/filebeat/input/awss3/input.go b/x-pack/filebeat/input/awss3/input.go index 221084881f8..fa2bedfeebe 100644 --- a/x-pack/filebeat/input/awss3/input.go +++ b/x-pack/filebeat/input/awss3/input.go @@ -409,6 +409,12 @@ func getProviderFromDomain(endpoint string, ProviderOverride string) string { } func pollSqsWaitingMetric(ctx context.Context, receiver *sqsReader) { + // Run GetApproximateMessageCount before start of timer to set initial count for sqs waiting metric + // This is to avoid misleading values in metric when sqs messages are processed before the ticker channel kicks in + if shouldReturn := updateMessageCount(receiver, ctx); shouldReturn { + return + } + t := time.NewTicker(time.Minute) defer t.Stop() for { @@ -416,21 +422,31 @@ func pollSqsWaitingMetric(ctx context.Context, receiver *sqsReader) { case <-ctx.Done(): return case <-t.C: - count, err := receiver.GetApproximateMessageCount(ctx) - - var apiError smithy.APIError - if errors.As(err, &apiError) { - switch apiError.ErrorCode() { - case sqsAccessDeniedErrorCode: - // stop polling if auth error is encountered - receiver.metrics.setSQSMessagesWaiting(int64(count)) - return - } + if shouldReturn := updateMessageCount(receiver, ctx); shouldReturn { + return } + } + } +} - receiver.metrics.setSQSMessagesWaiting(int64(count)) +// updateMessageCount runs GetApproximateMessageCount for the given context and updates the receiver metric with the count returning false on no error +// If there is an error, the metric is reinitialized to -1 and true is returned +func updateMessageCount(receiver *sqsReader, ctx context.Context) bool { + count, err := receiver.GetApproximateMessageCount(ctx) + + var apiError smithy.APIError + if errors.As(err, &apiError) { + switch apiError.ErrorCode() { + case sqsAccessDeniedErrorCode: + // stop polling if auth error is encountered + // Set it back to -1 because there is a permission error + receiver.metrics.sqsMessagesWaiting.Set(int64(-1)) + return true } } + + receiver.metrics.sqsMessagesWaiting.Set(int64(count)) + return false } // boolPtr returns a pointer to b. diff --git a/x-pack/filebeat/input/awss3/input_integration_test.go b/x-pack/filebeat/input/awss3/input_integration_test.go index 33f6f406776..c843e47e93f 100644 --- a/x-pack/filebeat/input/awss3/input_integration_test.go +++ b/x-pack/filebeat/input/awss3/input_integration_test.go @@ -187,12 +187,11 @@ func TestInputRunSQS(t *testing.T) { assert.EqualValues(t, s3Input.metrics.sqsMessagesDeletedTotal.Get(), 7) assert.EqualValues(t, s3Input.metrics.sqsMessagesReturnedTotal.Get(), 1) // Invalid JSON is returned so that it can eventually be DLQed. assert.EqualValues(t, s3Input.metrics.sqsVisibilityTimeoutExtensionsTotal.Get(), 0) - //assert.EqualValues(t, s3Input.metrics.sqsMessagesWaiting.Get(), 0) - Issue created - https://github.com/elastic/beats/issues/36077 assert.EqualValues(t, s3Input.metrics.s3ObjectsInflight.Get(), 0) assert.EqualValues(t, s3Input.metrics.s3ObjectsRequestedTotal.Get(), 7) assert.EqualValues(t, s3Input.metrics.s3EventsCreatedTotal.Get(), 12) assert.Greater(t, s3Input.metrics.sqsLagTime.Mean(), 0.0) - //assert.Greater(t, s3Input.metrics.sqsWorkerUtilization.Get(), 0.0) - Issue created - https://github.com/elastic/beats/issues/36077 + assert.EqualValues(t, s3Input.metrics.sqsWorkerUtilization.Get(), 0.0) // Workers are reset after processing and hence utilization should be 0 at the end } func TestInputRunS3(t *testing.T) { @@ -426,10 +425,9 @@ func TestInputRunSNS(t *testing.T) { assert.EqualValues(t, s3Input.metrics.sqsMessagesDeletedTotal.Get(), 7) assert.EqualValues(t, s3Input.metrics.sqsMessagesReturnedTotal.Get(), 1) // Invalid JSON is returned so that it can eventually be DLQed. assert.EqualValues(t, s3Input.metrics.sqsVisibilityTimeoutExtensionsTotal.Get(), 0) - //assert.EqualValues(t, s3Input.metrics.sqsMessagesWaiting.Get(), 0) - Issue created - https://github.com/elastic/beats/issues/36077 assert.EqualValues(t, s3Input.metrics.s3ObjectsInflight.Get(), 0) assert.EqualValues(t, s3Input.metrics.s3ObjectsRequestedTotal.Get(), 7) assert.EqualValues(t, s3Input.metrics.s3EventsCreatedTotal.Get(), 12) assert.Greater(t, s3Input.metrics.sqsLagTime.Mean(), 0.0) - //assert.Greater(t, s3Input.metrics.sqsWorkerUtilization.Get(), 0.0) - Issue created - https://github.com/elastic/beats/issues/36077 + assert.EqualValues(t, s3Input.metrics.sqsWorkerUtilization.Get(), 0.0) // Workers are reset after processing and hence utilization should be 0 at the end } diff --git a/x-pack/filebeat/input/awss3/metrics.go b/x-pack/filebeat/input/awss3/metrics.go index df535a2d473..bef57210ca6 100644 --- a/x-pack/filebeat/input/awss3/metrics.go +++ b/x-pack/filebeat/input/awss3/metrics.go @@ -79,18 +79,6 @@ func (m *inputMetrics) Close() { m.unregister() } -func (m *inputMetrics) setSQSMessagesWaiting(count int64) { - if m.sqsMessagesWaiting == nil { - // if metric not initialized, and count is -1, do nothing - if count == -1 { - return - } - m.sqsMessagesWaiting = monitoring.NewInt(m.registry, "sqs_messages_waiting_gauge") - } - - m.sqsMessagesWaiting.Set(count) -} - // beginSQSWorker tracks the start of a new SQS worker. The returned ID // must be used to call endSQSWorker when the worker finishes. It also // increments the sqsMessagesInflight counter. @@ -174,6 +162,7 @@ func newInputMetrics(id string, optionalParent *monitoring.Registry, maxWorkers sqsMessagesInflight: monitoring.NewUint(reg, "sqs_messages_inflight_gauge"), sqsMessagesReturnedTotal: monitoring.NewUint(reg, "sqs_messages_returned_total"), sqsMessagesDeletedTotal: monitoring.NewUint(reg, "sqs_messages_deleted_total"), + sqsMessagesWaiting: monitoring.NewInt(reg, "sqs_messages_waiting_gauge"), sqsWorkerUtilization: monitoring.NewFloat(reg, "sqs_worker_utilization"), sqsMessageProcessingTime: metrics.NewUniformSample(1024), sqsLagTime: metrics.NewUniformSample(1024), @@ -186,6 +175,9 @@ func newInputMetrics(id string, optionalParent *monitoring.Registry, maxWorkers s3ObjectsInflight: monitoring.NewUint(reg, "s3_objects_inflight_gauge"), s3ObjectProcessingTime: metrics.NewUniformSample(1024), } + + // Initializing the sqs_messages_waiting_gauge value to -1 so that we can distinguish between no messages waiting (0) and never collected / error collecting (-1). + out.sqsMessagesWaiting.Set(int64(-1)) adapter.NewGoMetrics(reg, "sqs_message_processing_time", adapter.Accept). Register("histogram", metrics.NewHistogram(out.sqsMessageProcessingTime)) //nolint:errcheck // A unique namespace is used so name collisions are impossible. adapter.NewGoMetrics(reg, "sqs_lag_time", adapter.Accept). diff --git a/x-pack/filebeat/input/awss3/metrics_test.go b/x-pack/filebeat/input/awss3/metrics_test.go index fc39786cf0b..e153d321e9f 100644 --- a/x-pack/filebeat/input/awss3/metrics_test.go +++ b/x-pack/filebeat/input/awss3/metrics_test.go @@ -29,6 +29,38 @@ func TestInputMetricsClose(t *testing.T) { }) } +// TestNewInputMetricsInstance asserts that all the metrics are initialized +// when a newInputMetrics method is invoked. This avoids nil hit panics when +// a getter is invoked on any uninitialized metric. +func TestNewInputMetricsInstance(t *testing.T) { + reg := monitoring.NewRegistry() + metrics := newInputMetrics("some-new-metric-test", reg, 1) + + assert.NotNil(t, metrics.sqsMessagesWaiting, + metrics.sqsMaxMessagesInflight, + metrics.sqsWorkerStartTimes, + metrics.sqsWorkerUtilizationLastUpdate, + metrics.sqsMessagesReceivedTotal, + metrics.sqsVisibilityTimeoutExtensionsTotal, + metrics.sqsMessagesInflight, + metrics.sqsMessagesReturnedTotal, + metrics.sqsMessagesDeletedTotal, + metrics.sqsMessagesWaiting, + metrics.sqsWorkerUtilization, + metrics.sqsMessageProcessingTime, + metrics.sqsLagTime, + metrics.s3ObjectsRequestedTotal, + metrics.s3ObjectsAckedTotal, + metrics.s3ObjectsListedTotal, + metrics.s3ObjectsProcessedTotal, + metrics.s3BytesProcessedTotal, + metrics.s3EventsCreatedTotal, + metrics.s3ObjectsInflight, + metrics.s3ObjectProcessingTime) + + assert.Equal(t, int64(-1), metrics.sqsMessagesWaiting.Get()) +} + func TestInputMetricsSQSWorkerUtilization(t *testing.T) { const interval = 5000 diff --git a/x-pack/filebeat/input/awss3/sqs.go b/x-pack/filebeat/input/awss3/sqs.go index 01ed8bfb183..dd454a3bfb9 100644 --- a/x-pack/filebeat/input/awss3/sqs.go +++ b/x-pack/filebeat/input/awss3/sqs.go @@ -80,6 +80,7 @@ func (r *sqsReader) Receive(ctx context.Context) error { r.log.Debugf("Received %v SQS messages.", len(msgs)) r.metrics.sqsMessagesReceivedTotal.Add(uint64(len(msgs))) workerWg.Add(len(msgs)) + for _, msg := range msgs { go func(msg types.Message, start time.Time) { id := r.metrics.beginSQSWorker() From b5a811eb587b79e3d32f6fa3202a598fc61dbe6d Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Tue, 25 Jul 2023 07:50:44 +0930 Subject: [PATCH 2/7] x-pack/filebeat/input/entityanalytics/provider/azuread: add registered owner/user handling (#36092) --- CHANGELOG.next.asciidoc | 1 + .../inputs/input-entity-analytics.asciidoc | 29 ++++++++- .../entityanalytics/provider/azuread/azure.go | 30 +++++++++ .../provider/azuread/fetcher/device.go | 30 +++------ .../provider/azuread/fetcher/device_test.go | 21 ++++++ .../provider/azuread/fetcher/graph/graph.go | 65 ++++++++++++++++--- .../azuread/fetcher/graph/graph_test.go | 64 +++++++++++++++++- 7 files changed, 208 insertions(+), 32 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index f3e9a396e47..2275c618a74 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -356,6 +356,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Add fingerprint mode for the filestream scanner and new file identity based on it {issue}34419[34419] {pull}35734[35734] - Add file system metadata to events ingested via filestream {issue}35801[35801] {pull}36065[36065] - Allow parsing bytes in and bytes out as long integer in CEF processor. {issue}36100[36100] {pull}36108[36108] +- Add support for registered owners and users to AzureAD entity analytics provider. {pull}36092[36092] *Auditbeat* - Migration of system/package module storage from gob encoding to flatbuffer encoding in bolt db. {pull}34817[34817] diff --git a/x-pack/filebeat/docs/inputs/input-entity-analytics.asciidoc b/x-pack/filebeat/docs/inputs/input-entity-analytics.asciidoc index e186787d8e5..c983b607e76 100644 --- a/x-pack/filebeat/docs/inputs/input-entity-analytics.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-entity-analytics.asciidoc @@ -185,6 +185,7 @@ Example device document: }, "azure_ad": { "accountEnabled": true, + "deviceId": "2fbbb8f9-ff67-4a21-b867-a344d18a4198", "displayName": "DESKTOP-LETW452G", "operatingSystem": "Windows", "operatingSystemVersion": "10.0.19043.1337", @@ -202,13 +203,39 @@ Example device document: ] }, "device": { - "id": "2fbbb8f9-ff67-4a21-b867-a344d18a4198", + "id": "adbbe40a-0627-4328-89f1-88cac84dbc7f", "group": [ { "id": "331676df-b8fd-4492-82ed-02b927f8dd80", "name": "group1" } ] + "registered_owners": [ + { + "id": "5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc", + "userPrincipalName": "example.user@example.com", + "mail": "example.user@example.com", + "displayName": "Example User", + "givenName": "Example", + "surname": "User", + "jobTitle": "Software Engineer", + "mobilePhone": "123-555-1000", + "businessPhones": ["123-555-0122"] + }, + ], + "registered_users": [ + { + "id": "5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc", + "userPrincipalName": "example.user@example.com", + "mail": "example.user@example.com", + "displayName": "Example User", + "givenName": "Example", + "surname": "User", + "jobTitle": "Software Engineer", + "mobilePhone": "123-555-1000", + "businessPhones": ["123-555-0122"] + }, + ], }, "labels": { "identity_source": "azure-1" diff --git a/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go b/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go index b4e12e05227..73b641c3949 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go +++ b/x-pack/filebeat/input/entityanalytics/provider/azuread/azure.go @@ -491,6 +491,36 @@ func (p *azure) publishDevice(d *fetcher.Device, state *stateStore, inputID stri _, _ = deviceDoc.Put("device.group", groups) } + owners := make([]mapstr.M, 0, d.RegisteredOwners.Len()) + d.RegisteredOwners.ForEach(func(userID uuid.UUID) { + u, ok := state.users[userID] + if !ok { + p.logger.Warnf("Unable to lookup registered owner %q for device %q", userID, d.ID) + return + } + m := u.Fields.Clone() + _, _ = m.Put("user.id", u.ID.String()) + owners = append(owners, m) + }) + if len(owners) != 0 { + _, _ = deviceDoc.Put("device.registered_owners", owners) + } + + users := make([]mapstr.M, 0, d.RegisteredUsers.Len()) + d.RegisteredUsers.ForEach(func(userID uuid.UUID) { + u, ok := state.users[userID] + if !ok { + p.logger.Warnf("Unable to lookup registered user %q for device %q", userID, d.ID) + return + } + m := u.Fields.Clone() + _, _ = m.Put("user.id", u.ID.String()) + users = append(users, m) + }) + if len(users) != 0 { + _, _ = deviceDoc.Put("device.registered_users", users) + } + event := beat.Event{ Timestamp: time.Now(), Fields: deviceDoc, diff --git a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device.go b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device.go index c609403a959..46139d27820 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device.go +++ b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device.go @@ -11,26 +11,6 @@ import ( "github.com/elastic/elastic-agent-libs/mapstr" ) -// TODO: Implement fetchers for the registered owners and users -// for devices. These will then be retained in the following fields -// of Device. -// -// // A set of UUIDs for registered owners of this device. -// RegisteredOwners collections.UUIDSet `json:"registeredOwners"` -// // A set of UUIDs for registered users of this device. -// RegisteredUsers collections.UUIDSet `json:"registeredUsers"` -// -// and the addition of the following lines to Merge -// -// other.RegisteredOwners.ForEach(func(elem uuid.UUID) { -// d.RegisteredOwners.Add(elem) -// }) -// other.RegisteredUsers.ForEach(func(elem uuid.UUID) { -// d.RegisteredUsers.Add(elem) -// }) -// -// with associated test extensions. - // Device represents a device identity asset. type Device struct { // The ID (UUIDv4) of the device. @@ -41,6 +21,10 @@ type Device struct { MemberOf collections.UUIDSet `json:"memberOf"` // A set of UUIDs which are groups this device is a transitive member of. TransitiveMemberOf collections.UUIDSet `json:"transitiveMemberOf"` + // A set of UUIDs for registered owners of this device. + RegisteredOwners collections.UUIDSet `json:"registeredOwners"` + // A set of UUIDs for registered users of this device. + RegisteredUsers collections.UUIDSet `json:"registeredUsers"` // Discovered indicates that this device was newly discovered. This does not // necessarily imply the device was recently added in Azure Active Directory, // but it does indicate that it's the first time the device has been seen by @@ -68,5 +52,11 @@ func (d *Device) Merge(other *Device) { other.TransitiveMemberOf.ForEach(func(elem uuid.UUID) { d.TransitiveMemberOf.Add(elem) }) + other.RegisteredOwners.ForEach(func(elem uuid.UUID) { + d.RegisteredOwners.Add(elem) + }) + other.RegisteredUsers.ForEach(func(elem uuid.UUID) { + d.RegisteredUsers.Add(elem) + }) d.Deleted = other.Deleted } diff --git a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device_test.go b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device_test.go index 2f49ef68bb0..37e6563eb3a 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device_test.go +++ b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/device_test.go @@ -32,6 +32,11 @@ func TestDevice_Merge(t *testing.T) { }, MemberOf: collections.NewUUIDSet(uuid.MustParse("fcda226a-c920-4d99-81bc-d2d691a6c212")), TransitiveMemberOf: collections.NewUUIDSet(uuid.MustParse("ca777ad5-9abf-4c9b-be1f-c38c6ec28f28")), + RegisteredOwners: collections.NewUUIDSet(uuid.MustParse("c59fbdb8-e442-46b1-8d72-c8ac0b78ec0a")), + RegisteredUsers: collections.NewUUIDSet( + uuid.MustParse("27cea005-7377-4175-b2ef-e9d64c977f4d"), + uuid.MustParse("c59fbdb8-e442-46b1-8d72-c8ac0b78ec0a"), + ), }, InOther: &Device{ ID: uuid.MustParse("187f924c-e867-477e-8d74-dd762d6379dd"), @@ -40,6 +45,11 @@ func TestDevice_Merge(t *testing.T) { }, MemberOf: collections.NewUUIDSet(uuid.MustParse("a77e8cbb-27a5-49d3-9d5e-801997621f87")), TransitiveMemberOf: collections.NewUUIDSet(uuid.MustParse("c550d32c-09b2-4851-b0f2-1bc431e26d01")), + RegisteredOwners: collections.NewUUIDSet(uuid.MustParse("81d1b5cd-7cd6-469d-9fe8-0a5c6cf2a7b6")), + RegisteredUsers: collections.NewUUIDSet( + uuid.MustParse("5e6d279a-ce2b-43b8-a38f-3110907e1974"), + uuid.MustParse("c59fbdb8-e442-46b1-8d72-c8ac0b78ec0a"), + ), }, Want: &Device{ ID: uuid.MustParse("187f924c-e867-477e-8d74-dd762d6379dd"), @@ -55,6 +65,15 @@ func TestDevice_Merge(t *testing.T) { uuid.MustParse("ca777ad5-9abf-4c9b-be1f-c38c6ec28f28"), uuid.MustParse("c550d32c-09b2-4851-b0f2-1bc431e26d01"), ), + RegisteredOwners: collections.NewUUIDSet( + uuid.MustParse("81d1b5cd-7cd6-469d-9fe8-0a5c6cf2a7b6"), + uuid.MustParse("c59fbdb8-e442-46b1-8d72-c8ac0b78ec0a"), + ), + RegisteredUsers: collections.NewUUIDSet( + uuid.MustParse("27cea005-7377-4175-b2ef-e9d64c977f4d"), + uuid.MustParse("5e6d279a-ce2b-43b8-a38f-3110907e1974"), + uuid.MustParse("c59fbdb8-e442-46b1-8d72-c8ac0b78ec0a"), + ), }, }, } @@ -70,6 +89,8 @@ func TestDevice_Merge(t *testing.T) { require.Equal(t, tc.Want.Fields, tc.In.Fields) require.ElementsMatch(t, tc.Want.MemberOf.Values(), tc.In.MemberOf.Values(), "list A: Expected, listB: Actual") require.ElementsMatch(t, tc.Want.TransitiveMemberOf.Values(), tc.In.TransitiveMemberOf.Values(), "list A: Expected, listB: Actual") + require.ElementsMatch(t, tc.Want.RegisteredOwners.Values(), tc.In.RegisteredOwners.Values(), "list A: Expected, listB: Actual") + require.ElementsMatch(t, tc.Want.RegisteredUsers.Values(), tc.In.RegisteredUsers.Values(), "list A: Expected, listB: Actual") }) } } diff --git a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph.go b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph.go index 84e416c161a..44754e10fa6 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph.go +++ b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph.go @@ -18,6 +18,7 @@ import ( "github.com/google/uuid" + "github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/internal/collections" "github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/provider/azuread/authenticator" "github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher" "github.com/elastic/elastic-agent-libs/config" @@ -31,7 +32,7 @@ const ( defaultGroupsQuery = "$select=displayName,members" defaultUsersQuery = "$select=accountEnabled,userPrincipalName,mail,displayName,givenName,surname,jobTitle,officeLocation,mobilePhone,businessPhones" - defaultDevicesQuery = "$select=accountEnabled,displayName,operatingSystem,operatingSystemVersion,physicalIds,extensionAttributes,alternativeSecurityIds" + defaultDevicesQuery = "$select=accountEnabled,deviceId,displayName,operatingSystem,operatingSystemVersion,physicalIds,extensionAttributes,alternativeSecurityIds" apiGroupType = "#microsoft.graph.group" apiUserType = "#microsoft.graph.user" @@ -109,9 +110,10 @@ type graph struct { logger *logp.Logger auth authenticator.Authenticator - usersURL string - groupsURL string - devicesURL string + usersURL string + groupsURL string + devicesURL string + deviceOwnerUserURL string } // SetLogger sets the logger on this fetcher. @@ -155,12 +157,12 @@ func (f *graph) Groups(ctx context.Context, deltaLink string) ([]*fetcher.Group, return groups, response.DeltaLink, nil } if response.NextLink == fetchURL { - return nil, "", fmt.Errorf("error during fetch groups, encountered nextLink fetch infinite loop") + return groups, "", nextLinkLoopError{"groups"} } if response.NextLink != "" { fetchURL = response.NextLink } else { - return nil, "", fmt.Errorf("error during fetch groups, encountered response without nextLink or deltaLink") + return groups, "", missingLinkError{"groups"} } } } @@ -207,12 +209,12 @@ func (f *graph) Users(ctx context.Context, deltaLink string) ([]*fetcher.User, s return users, response.DeltaLink, nil } if response.NextLink == fetchURL { - return nil, "", fmt.Errorf("error during fetch users, encountered nextLink fetch infinite loop") + return users, "", nextLinkLoopError{"users"} } if response.NextLink != "" { fetchURL = response.NextLink } else { - return nil, "", fmt.Errorf("error during fetch users, encountered response without nextLink or deltaLink") + return users, "", missingLinkError{"users"} } } } @@ -252,6 +254,10 @@ func (f *graph) Devices(ctx context.Context, deltaLink string) ([]*fetcher.Devic continue } f.logger.Debugf("Got device %q from API", device.ID) + + f.addRegistered(ctx, device, "registeredOwners", &device.RegisteredOwners) + f.addRegistered(ctx, device, "registeredUsers", &device.RegisteredUsers) + devices = append(devices, device) } @@ -259,16 +265,30 @@ func (f *graph) Devices(ctx context.Context, deltaLink string) ([]*fetcher.Devic return devices, response.DeltaLink, nil } if response.NextLink == fetchURL { - return nil, "", fmt.Errorf("error during fetch devices, encountered nextLink fetch infinite loop") + return devices, "", nextLinkLoopError{"devices"} } if response.NextLink != "" { fetchURL = response.NextLink } else { - return nil, "", fmt.Errorf("error during fetch devices, encountered response without nextLink or deltaLink") + return devices, "", missingLinkError{"devices"} } } } +// addRegistered adds registered owner or user UUIDs to the provided device. +func (f *graph) addRegistered(ctx context.Context, device *fetcher.Device, typ string, set *collections.UUIDSet) { + usersLink := fmt.Sprintf("%s/%s/%s", f.deviceOwnerUserURL, device.ID, typ) // ID here is the object ID. + users, _, err := f.Users(ctx, usersLink) + switch { + case err == nil, errors.Is(err, nextLinkLoopError{"users"}), errors.Is(err, missingLinkError{"users"}): + default: + f.logger.Errorf("Failed to obtain some registered user data: %w", err) + } + for _, u := range users { + set.Add(u.ID) + } +} + // doRequest is a convenience function for making HTTP requests to the Graph API. // It will automatically handle requesting a token using the authenticator attached // to this fetcher. @@ -342,6 +362,15 @@ func New(cfg *config.C, logger *logp.Logger, auth authenticator.Authenticator) ( devicesURL.RawQuery = url.QueryEscape(defaultDevicesQuery) f.devicesURL = devicesURL.String() + // The API takes a departure from the query approach here, so we + // need to construct a partial URL for use later when fetching + // registered owners and users. + ownerUserURL, err := url.Parse(f.conf.APIEndpoint + "/devices/") + if err != nil { + return nil, fmt.Errorf("invalid device owner/user URL endpoint: %w", err) + } + f.deviceOwnerUserURL = ownerUserURL.String() + return &f, nil } @@ -423,3 +452,19 @@ func newDeviceFromAPI(d deviceAPI) (*fetcher.Device, error) { return &newDevice, nil } + +type nextLinkLoopError struct { + endpoint string +} + +func (e nextLinkLoopError) Error() string { + return fmt.Sprintf("error during fetch %s, encountered nextLink fetch infinite loop", e.endpoint) +} + +type missingLinkError struct { + endpoint string +} + +func (e missingLinkError) Error() string { + return fmt.Sprintf("error during fetch %s, encountered response without nextLink or deltaLink", e.endpoint) +} diff --git a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph_test.go b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph_test.go index 1b512fb101d..e54a05a2bd5 100644 --- a/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph_test.go +++ b/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph_test.go @@ -10,12 +10,16 @@ import ( "fmt" "net/http" "net/http/httptest" + "path" + "reflect" "testing" "time" + "github.com/google/go-cmp/cmp" "github.com/google/uuid" "github.com/stretchr/testify/require" + "github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/internal/collections" "github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/provider/azuread/authenticator/mock" "github.com/elastic/beats/v7/x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher" "github.com/elastic/elastic-agent-libs/config" @@ -113,6 +117,24 @@ var devicesResponse2 = apiDeviceResponse{ }, } +var deviceOwnerResponses = map[string]apiUserResponse{ + "6a59ea83-02bd-468f-a40b-f2c3d1821983": { + Users: []userAPI{{"id": "5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"}}, + }, + "adbbe40a-0627-4328-89f1-88cac84dbc7f": { + Users: []userAPI{{"id": "5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"}}, + }, +} + +var deviceUserResponses = map[string]apiUserResponse{ + "6a59ea83-02bd-468f-a40b-f2c3d1821983": { + Users: []userAPI{{"id": "d897d560-3d17-4dae-81b3-c898fe82bf84"}, {"id": "5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"}}, + }, + "adbbe40a-0627-4328-89f1-88cac84dbc7f": { + Users: []userAPI{{"id": "5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"}}, + }, +} + var groupsResponse1 = apiGroupResponse{ Groups: []groupAPI{ { @@ -202,6 +224,26 @@ func (s *testServer) setup(t *testing.T) { require.NoError(t, err) }) + mux.HandleFunc("/devices/", func(w http.ResponseWriter, r *http.Request) { + w.Header().Add("Content-Type", "application/json") + + var data []byte + var err error + + switch path.Base(r.URL.Path) { + case "registeredOwners": + data, err = json.Marshal(deviceOwnerResponses[path.Base(path.Dir(r.URL.Path))]) + case "registeredUsers": + data, err = json.Marshal(deviceUserResponses[path.Base(path.Dir(r.URL.Path))]) + default: + err = fmt.Errorf("unknown endpoint: %s", r.URL) + } + require.NoError(t, err) + + _, err = w.Write(data) + require.NoError(t, err) + }) + mux.HandleFunc("/groups/delta", func(w http.ResponseWriter, r *http.Request) { w.Header().Add("Content-Type", "application/json") @@ -375,6 +417,13 @@ func TestGraph_Devices(t *testing.T) { }, }, }, + RegisteredOwners: collections.NewUUIDSet( + uuid.MustParse("5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"), + ), + RegisteredUsers: collections.NewUUIDSet( + uuid.MustParse("5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"), + uuid.MustParse("d897d560-3d17-4dae-81b3-c898fe82bf84"), + ), }, { ID: uuid.MustParse("adbbe40a-0627-4328-89f1-88cac84dbc7f"), @@ -399,6 +448,12 @@ func TestGraph_Devices(t *testing.T) { }, }, }, + RegisteredOwners: collections.NewUUIDSet( + uuid.MustParse("5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"), + ), + RegisteredUsers: collections.NewUUIDSet( + uuid.MustParse("5ebc6a0f-05b7-4f42-9c8a-682bbc75d0fc"), + ), }, } @@ -417,6 +472,13 @@ func TestGraph_Devices(t *testing.T) { gotDevices, gotDeltaLink, gotErr := f.Devices(ctx, "") require.NoError(t, gotErr) - require.EqualValues(t, wantDevices, gotDevices) + // Using go-cmp because testify is too weak for this comparison. + // reflect.DeepEqual works, but won't show a reasonable diff. + exporter := cmp.Exporter(func(t reflect.Type) bool { + return t == reflect.TypeOf(collections.UUIDSet{}) + }) + if !cmp.Equal(wantDevices, gotDevices, exporter) { + t.Errorf("unexpected result:\n--- got\n--- want\n%s", cmp.Diff(wantDevices, gotDevices, exporter)) + } require.Equal(t, wantDeltaLink, gotDeltaLink) } From 3f30e5ed2594e0df2147930aa513266f9ba27b28 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Tue, 25 Jul 2023 07:51:47 +0930 Subject: [PATCH 3/7] x-pack/filebeat/docs/inputs/cel: use attributes for mito doc links (#36139) --- .../filebeat/docs/inputs/input-cel.asciidoc | 160 +++++++++--------- 1 file changed, 81 insertions(+), 79 deletions(-) diff --git a/x-pack/filebeat/docs/inputs/input-cel.asciidoc b/x-pack/filebeat/docs/inputs/input-cel.asciidoc index 40fca2b829a..cf580982df2 100644 --- a/x-pack/filebeat/docs/inputs/input-cel.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-cel.asciidoc @@ -1,6 +1,8 @@ [role="xpack"] :type: cel +:mito_version: v1.4.0 +:mito_docs: https://pkg.go.dev/github.com/elastic/mito@{mito_version} [id="{beatname_lc}-input-{type}"] === Common Expression Language input @@ -120,7 +122,7 @@ The field should be an array, but in the case of an error condition in the CEL p <2> If `cursor` is present it must be either be a single object or an array with the same length as events; each element _i_ of the `cursor` will be the details for obtaining the events at and beyond event _i_ in the `events` array. If the `cursor` is a single object it is will be the details for obtaining events after the last event in the `events` array and will only be retained on successful publication of all the events in the `events` array. -<3> If `rate_limit` is present it must be a map with numeric fields `rate` and `burst`. The `rate_limit` field may also have a string `error` field and other fields which will be logged. If it has an `error` field, the `rate` and `burst` will not be used to set rate limit behavior. The https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Limit[Limit], and https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#OktaRateLimit[Okta Rate Limit policy] and https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#DraftRateLimit[Draft Rate Limit policy] documentation show how to construct this field. +<3> If `rate_limit` is present it must be a map with numeric fields `rate` and `burst`. The `rate_limit` field may also have a string `error` field and other fields which will be logged. If it has an `error` field, the `rate` and `burst` will not be used to set rate limit behavior. The {mito_docs}/lib#Limit[Limit], and {mito_docs}/lib#OktaRateLimit[Okta Rate Limit policy] and {mito_docs}/lib#DraftRateLimit[Draft Rate Limit policy] documentation show how to construct this field. <4> The evaluation is repeated with the new state, after removing the events field, if the "want_more" field is present and true, and a non-zero events array is returned. @@ -136,84 +138,84 @@ This will include any sensitive or secret information kept in the `state` object As noted above the `cel` input provides function, macro and global variables to extend the language. -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Collections[Collections] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Collate[Collate] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Drop[Drop] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Drop_Empty[Drop Empty] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Flatten[Flatten] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Max[Max] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Min[Min] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-With[With] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-With_Replace[With Replace] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-With_Update[With Update] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Crypto[Crypto] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Base64[Base64] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Base64_Raw[Base64 Raw] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Hex[Hex] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-MD5[MD5] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-SHA_1[SHA-1] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-SHA_256[SHA-256] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-HMAC[HMAC] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-UUID[UUID] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#File[File] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Dir[Dir] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-File[File] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#HTTP[HTTP] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-HEAD[HEAD] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-GET[GET] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-GET_Request[GET Request] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-POST[POST] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-POST_Request[POST Request] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Request[Request] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Basic_Authentication[Basic Authentication] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Do_Request[Do Request] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Parse_URL[Parse URL] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Format_URL[Format URL] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Parse_Query[Parse Query] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Format_Query[Format Query] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#File[File] — the file extension is initialized with MIME handlers for "application/gzip", https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#NDJSON["application/x-ndjson"], https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Zip["application/zip"], https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#CSVNoHeader["text/csv; header=absent"], and https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#CSVHeader["text/csv; header=present"]. -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Dir[Dir] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-File[File] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#JSON[JSON] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Encode_JSON[Encode JSON] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Decode_JSON[Decode JSON] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Decode_JSON_Stream[Decode JSON Stream] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#XML[XML] — the XML extension is initialized with XML schema definitions provided via the `xsd` configuration option. -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Decode_XML[Decode XML] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Limit[Limit] — the rate limit extension is initialized with https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#OktaRateLimit[Okta (as "okta")] and the https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#DraftRateLimit[Draft Rate Limit (as "draft")] policies. -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Rate_Limit[Rate Limit] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#MIME[MIME] — the MIME extension is initialized with MIME handlers for "application/gzip", https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#NDJSON["application/x-ndjson"], https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Zip["application/zip"], https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#CSVNoHeader["text/csv; header=absent"], and https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#CSVHeader["text/csv; header=present"]. -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-MIME[MIME] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Regexp[Regexp] — the regular expression extension is initialized with the patterns specified in the user input configuration via the `regexp` field. -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-RE_Match[RE Match] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-RE_Find[RE Find] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-RE_Find_All[RE Find All] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-RE_Find_Submatch[RE Find Submatch] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-RE_Find_All_Submatch[RE Find All Submatch] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-RE_Replace_All[RE Replace All] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Strings[Strings] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-String_Methods[String Methods] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-String_List_Methods[String List Methods] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Bytes_Methods[Bytes Methods] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Time[Time] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Format[Format] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Parse_Time[Parse Time] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Global_Variables[Global Variables] - -* https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#Try[Try] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Try[Try] -** https://pkg.go.dev/github.com/elastic/mito@v1.4.0/lib#hdr-Is_Error[Is Error] +* {mito_docs}/lib#Collections[Collections] +** {mito_docs}/lib#hdr-Collate[Collate] +** {mito_docs}/lib#hdr-Drop[Drop] +** {mito_docs}/lib#hdr-Drop_Empty[Drop Empty] +** {mito_docs}/lib#hdr-Flatten[Flatten] +** {mito_docs}/lib#hdr-Max[Max] +** {mito_docs}/lib#hdr-Min[Min] +** {mito_docs}/lib#hdr-With[With] +** {mito_docs}/lib#hdr-With_Replace[With Replace] +** {mito_docs}/lib#hdr-With_Update[With Update] + +* {mito_docs}/lib#Crypto[Crypto] +** {mito_docs}/lib#hdr-Base64[Base64] +** {mito_docs}/lib#hdr-Base64_Raw[Base64 Raw] +** {mito_docs}/lib#hdr-Hex[Hex] +** {mito_docs}/lib#hdr-MD5[MD5] +** {mito_docs}/lib#hdr-SHA_1[SHA-1] +** {mito_docs}/lib#hdr-SHA_256[SHA-256] +** {mito_docs}/lib#hdr-HMAC[HMAC] +** {mito_docs}/lib#hdr-UUID[UUID] + +* {mito_docs}/lib#File[File] +** {mito_docs}/lib#hdr-Dir[Dir] +** {mito_docs}/lib#hdr-File[File] + +* {mito_docs}/lib#HTTP[HTTP] +** {mito_docs}/lib#hdr-HEAD[HEAD] +** {mito_docs}/lib#hdr-GET[GET] +** {mito_docs}/lib#hdr-GET_Request[GET Request] +** {mito_docs}/lib#hdr-POST[POST] +** {mito_docs}/lib#hdr-POST_Request[POST Request] +** {mito_docs}/lib#hdr-Request[Request] +** {mito_docs}/lib#hdr-Basic_Authentication[Basic Authentication] +** {mito_docs}/lib#hdr-Do_Request[Do Request] +** {mito_docs}/lib#hdr-Parse_URL[Parse URL] +** {mito_docs}/lib#hdr-Format_URL[Format URL] +** {mito_docs}/lib#hdr-Parse_Query[Parse Query] +** {mito_docs}/lib#hdr-Format_Query[Format Query] + +* {mito_docs}/lib#File[File] — the file extension is initialized with MIME handlers for "application/gzip", {mito_docs}/lib#NDJSON["application/x-ndjson"], {mito_docs}/lib#Zip["application/zip"], {mito_docs}/lib#CSVNoHeader["text/csv; header=absent"], and {mito_docs}/lib#CSVHeader["text/csv; header=present"]. +** {mito_docs}/lib#hdr-Dir[Dir] +** {mito_docs}/lib#hdr-File[File] + +* {mito_docs}/lib#JSON[JSON] +** {mito_docs}/lib#hdr-Encode_JSON[Encode JSON] +** {mito_docs}/lib#hdr-Decode_JSON[Decode JSON] +** {mito_docs}/lib#hdr-Decode_JSON_Stream[Decode JSON Stream] + +* {mito_docs}/lib#XML[XML] — the XML extension is initialized with XML schema definitions provided via the `xsd` configuration option. +** {mito_docs}/lib#hdr-Decode_XML[Decode XML] + +* {mito_docs}/lib#Limit[Limit] — the rate limit extension is initialized with {mito_docs}/lib#OktaRateLimit[Okta (as "okta")] and the {mito_docs}/lib#DraftRateLimit[Draft Rate Limit (as "draft")] policies. +** {mito_docs}/lib#hdr-Rate_Limit[Rate Limit] + +* {mito_docs}/lib#MIME[MIME] — the MIME extension is initialized with MIME handlers for "application/gzip", {mito_docs}/lib#NDJSON["application/x-ndjson"], {mito_docs}/lib#Zip["application/zip"], {mito_docs}/lib#CSVNoHeader["text/csv; header=absent"], and {mito_docs}/lib#CSVHeader["text/csv; header=present"]. +** {mito_docs}/lib#hdr-MIME[MIME] + +* {mito_docs}/lib#Regexp[Regexp] — the regular expression extension is initialized with the patterns specified in the user input configuration via the `regexp` field. +** {mito_docs}/lib#hdr-RE_Match[RE Match] +** {mito_docs}/lib#hdr-RE_Find[RE Find] +** {mito_docs}/lib#hdr-RE_Find_All[RE Find All] +** {mito_docs}/lib#hdr-RE_Find_Submatch[RE Find Submatch] +** {mito_docs}/lib#hdr-RE_Find_All_Submatch[RE Find All Submatch] +** {mito_docs}/lib#hdr-RE_Replace_All[RE Replace All] + +* {mito_docs}/lib#Strings[Strings] +** {mito_docs}/lib#hdr-String_Methods[String Methods] +** {mito_docs}/lib#hdr-String_List_Methods[String List Methods] +** {mito_docs}/lib#hdr-Bytes_Methods[Bytes Methods] + +* {mito_docs}/lib#Time[Time] +** {mito_docs}/lib#hdr-Format[Format] +** {mito_docs}/lib#hdr-Parse_Time[Parse Time] +** {mito_docs}/lib#hdr-Global_Variables[Global Variables] + +* {mito_docs}/lib#Try[Try] +** {mito_docs}/lib#hdr-Try[Try] +** {mito_docs}/lib#hdr-Is_Error[Is Error] In addition to the extensions provided in the packages listed above, a global variable `useragent` is also provided which gives the user CEL program access to the {beatname_lc} user-agent string. From a3e66cd5d674dd6924fd09727cb12bc4307a2f49 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 26 Jul 2023 06:45:38 +0930 Subject: [PATCH 4/7] x-pack/filebeat/input/cel: update mito version to v1.5.0 (#36146) --- CHANGELOG.next.asciidoc | 1 + NOTICE.txt | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- x-pack/filebeat/docs/inputs/input-cel.asciidoc | 9 ++++++--- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 2275c618a74..49595dea612 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -153,6 +153,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Fix handling of region name configuration in awss3 input {pull}36034[36034] - Fix panic when sqs input metrics getter is invoked {pull}36101[36101] {issue}36077[36077] - Make CEL input's `now` global variable static for evaluation lifetime. {pull}36107[36107] +- Update mito CEL extension library to v1.5.0. {pull}36146[36146] *Heartbeat* diff --git a/NOTICE.txt b/NOTICE.txt index a0305b483f4..33b52b2f07d 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -15600,11 +15600,11 @@ limitations under the License. -------------------------------------------------------------------------------- Dependency : github.com/elastic/mito -Version: v1.4.0 +Version: v1.5.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/mito@v1.4.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/mito@v1.5.0/LICENSE: Apache License diff --git a/go.mod b/go.mod index 932f747a6e3..0f3d9d1c7bc 100644 --- a/go.mod +++ b/go.mod @@ -206,7 +206,7 @@ require ( github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3 github.com/elastic/elastic-agent-system-metrics v0.6.1 github.com/elastic/go-elasticsearch/v8 v8.8.2 - github.com/elastic/mito v1.4.0 + github.com/elastic/mito v1.5.0 github.com/elastic/toutoumomoma v0.0.0-20221026030040-594ef30cb640 github.com/foxcpp/go-mockdns v0.0.0-20201212160233-ede2f9158d15 github.com/google/cel-go v0.15.3 diff --git a/go.sum b/go.sum index d2530460ec4..5058592b606 100644 --- a/go.sum +++ b/go.sum @@ -564,8 +564,8 @@ github.com/elastic/gopacket v1.1.20-0.20211202005954-d412fca7f83a h1:8WfL/X6fK11 github.com/elastic/gopacket v1.1.20-0.20211202005954-d412fca7f83a/go.mod h1:riddUzxTSBpJXk3qBHtYr4qOhFhT6k/1c0E3qkQjQpA= github.com/elastic/gosigar v0.14.2 h1:Dg80n8cr90OZ7x+bAax/QjoW/XqTI11RmA79ZwIm9/4= github.com/elastic/gosigar v0.14.2/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs= -github.com/elastic/mito v1.4.0 h1:RgosnKOfjIIBeKfSP7h1x6YHrqfBNaao8I5+BMmKXpE= -github.com/elastic/mito v1.4.0/go.mod h1:J0LW+SbpiAoiBUBEBrbH8epwNDFhWWgEWyR/9DpY04c= +github.com/elastic/mito v1.5.0 h1:637UzhwJH8XfHgusGrpL9b7sTkDE+gJ4unf1tDPDtUE= +github.com/elastic/mito v1.5.0/go.mod h1:J0LW+SbpiAoiBUBEBrbH8epwNDFhWWgEWyR/9DpY04c= github.com/elastic/ristretto v0.1.1-0.20220602190459-83b0895ca5b3 h1:ChPwRVv1RR4a0cxoGjKcyWjTEpxYfm5gydMIzo32cAw= github.com/elastic/ristretto v0.1.1-0.20220602190459-83b0895ca5b3/go.mod h1:RAy2GVV4sTWVlNMavv3xhLsk18rxhfhDnombTe6EF5c= github.com/elastic/sarama v1.19.1-0.20220310193331-ebc2b0d8eef3 h1:FzA0/n4iMt8ojGDGRoiFPSHFvvdVIvxOxyLtiFnrLBM= diff --git a/x-pack/filebeat/docs/inputs/input-cel.asciidoc b/x-pack/filebeat/docs/inputs/input-cel.asciidoc index cf580982df2..11f9435a6f8 100644 --- a/x-pack/filebeat/docs/inputs/input-cel.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-cel.asciidoc @@ -1,7 +1,7 @@ [role="xpack"] :type: cel -:mito_version: v1.4.0 +:mito_version: v1.5.0 :mito_docs: https://pkg.go.dev/github.com/elastic/mito@{mito_version} [id="{beatname_lc}-input-{type}"] @@ -70,7 +70,7 @@ filebeat.inputs: ==== Execution -The execution environment provided for the input includes includes the function, macros and global variables provided by the mito and ext.Strings libraries. +The execution environment provided for the input includes includes the functions, macros, and global variables provided by the mito library. A single JSON object is provided as an input accessible through a `state` variable. `state` contains a string `url` field and may contain arbitrary other fields configured via the input's `state` configuration. If the CEL program saves cursor states between executions of the program, the configured `state.cursor` value will be replaced by the saved cursor prior to execution. @@ -132,11 +132,12 @@ The `status_code`, `header` and `rate_limit` values may be omitted if the progra The CEL input will log the complete state after evaluation when logging at the DEBUG level. This will include any sensitive or secret information kept in the `state` object, and so DEBUG level logging should not be used in production when sensitive information is retained in the `state` object. +See <> configuration parameters for settings to exclude sensitive fields from DEBUG logs. ==== CEL extension libraries -As noted above the `cel` input provides function, macro and global variables to extend the language. +As noted above the `cel` input provides functions, macros, and global variables to extend the language. * {mito_docs}/lib#Collections[Collections] ** {mito_docs}/lib#hdr-Collate[Collate] @@ -148,6 +149,7 @@ As noted above the `cel` input provides function, macro and global variables to ** {mito_docs}/lib#hdr-With[With] ** {mito_docs}/lib#hdr-With_Replace[With Replace] ** {mito_docs}/lib#hdr-With_Update[With Update] +** {mito_docs}/lib#hdr-Zip[Zip] * {mito_docs}/lib#Crypto[Crypto] ** {mito_docs}/lib#hdr-Base64[Base64] @@ -633,6 +635,7 @@ Whether to use the host's local time rather that UTC for timestamping rotated lo This determines whether rotated logs should be gzip compressed. +[[cel-state-redact]] [float] ==== `redact` From 183531826be596f7166d6fd05a4c60e8dd459f47 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 26 Jul 2023 06:58:59 +0930 Subject: [PATCH 5/7] x-pack/filebeat/docs/inputs/cel: add a text API example (#36152) --- x-pack/filebeat/docs/inputs/input-cel.asciidoc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/x-pack/filebeat/docs/inputs/input-cel.asciidoc b/x-pack/filebeat/docs/inputs/input-cel.asciidoc index 11f9435a6f8..2643714ef7d 100644 --- a/x-pack/filebeat/docs/inputs/input-cel.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-cel.asciidoc @@ -44,6 +44,21 @@ filebeat.inputs: }) ---- +or equivalently using the text format from ipify.org + +["source","yaml",subs="attributes"] +---- +filebeat.inputs: +# Fetch your public IP every minute. +- type: cel + interval: 1m + resource.url: https://api.ipify.org/?format=text + program: | + { + "events": [{"ip": string(get(state.url).Body)}] + } +---- + ["source","yaml",subs="attributes"] ---- filebeat.inputs: From 143c13024f7b420c66bde21e30a4480be7ac2365 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Wed, 26 Jul 2023 18:04:38 +1000 Subject: [PATCH 6/7] [Release] Update docs for the 8.10.0 release (#35871) * docs: update docs * make update --------- Co-authored-by: Pierre HILBERT --- deploy/kubernetes/auditbeat-kubernetes.yaml | 2 +- deploy/kubernetes/filebeat-kubernetes.yaml | 2 +- deploy/kubernetes/heartbeat-kubernetes.yaml | 2 +- deploy/kubernetes/metricbeat-kubernetes.yaml | 2 +- filebeat/modules.d/apache.yml.disabled | 2 +- filebeat/modules.d/auditd.yml.disabled | 2 +- filebeat/modules.d/elasticsearch.yml.disabled | 2 +- filebeat/modules.d/haproxy.yml.disabled | 2 +- filebeat/modules.d/icinga.yml.disabled | 2 +- filebeat/modules.d/iis.yml.disabled | 2 +- filebeat/modules.d/kafka.yml.disabled | 2 +- filebeat/modules.d/kibana.yml.disabled | 2 +- filebeat/modules.d/logstash.yml.disabled | 2 +- filebeat/modules.d/mongodb.yml.disabled | 2 +- filebeat/modules.d/mysql.yml.disabled | 2 +- filebeat/modules.d/nats.yml.disabled | 2 +- filebeat/modules.d/nginx.yml.disabled | 2 +- filebeat/modules.d/osquery.yml.disabled | 2 +- filebeat/modules.d/pensando.yml.disabled | 2 +- filebeat/modules.d/postgresql.yml.disabled | 2 +- filebeat/modules.d/redis.yml.disabled | 2 +- filebeat/modules.d/santa.yml.disabled | 2 +- filebeat/modules.d/system.yml.disabled | 2 +- filebeat/modules.d/traefik.yml.disabled | 2 +- libbeat/docs/version.asciidoc | 4 ++-- metricbeat/modules.d/aerospike.yml.disabled | 2 +- metricbeat/modules.d/apache.yml.disabled | 2 +- metricbeat/modules.d/beat-xpack.yml.disabled | 2 +- metricbeat/modules.d/beat.yml.disabled | 2 +- metricbeat/modules.d/ceph-mgr.yml.disabled | 2 +- metricbeat/modules.d/ceph.yml.disabled | 2 +- metricbeat/modules.d/consul.yml.disabled | 2 +- metricbeat/modules.d/couchbase.yml.disabled | 2 +- metricbeat/modules.d/couchdb.yml.disabled | 2 +- metricbeat/modules.d/docker.yml.disabled | 2 +- metricbeat/modules.d/dropwizard.yml.disabled | 2 +- metricbeat/modules.d/elasticsearch-xpack.yml.disabled | 2 +- metricbeat/modules.d/elasticsearch.yml.disabled | 2 +- metricbeat/modules.d/envoyproxy.yml.disabled | 2 +- metricbeat/modules.d/etcd.yml.disabled | 2 +- metricbeat/modules.d/golang.yml.disabled | 2 +- metricbeat/modules.d/graphite.yml.disabled | 2 +- metricbeat/modules.d/haproxy.yml.disabled | 2 +- metricbeat/modules.d/http.yml.disabled | 2 +- metricbeat/modules.d/jolokia.yml.disabled | 2 +- metricbeat/modules.d/kafka.yml.disabled | 2 +- metricbeat/modules.d/kibana-xpack.yml.disabled | 2 +- metricbeat/modules.d/kibana.yml.disabled | 2 +- metricbeat/modules.d/kubernetes.yml.disabled | 2 +- metricbeat/modules.d/kvm.yml.disabled | 2 +- metricbeat/modules.d/linux.yml.disabled | 2 +- metricbeat/modules.d/logstash-xpack.yml.disabled | 2 +- metricbeat/modules.d/logstash.yml.disabled | 2 +- metricbeat/modules.d/memcached.yml.disabled | 2 +- metricbeat/modules.d/mongodb.yml.disabled | 2 +- metricbeat/modules.d/munin.yml.disabled | 2 +- metricbeat/modules.d/mysql.yml.disabled | 2 +- metricbeat/modules.d/nats.yml.disabled | 2 +- metricbeat/modules.d/nginx.yml.disabled | 2 +- metricbeat/modules.d/openmetrics.yml.disabled | 2 +- metricbeat/modules.d/php_fpm.yml.disabled | 2 +- metricbeat/modules.d/postgresql.yml.disabled | 2 +- metricbeat/modules.d/prometheus.yml.disabled | 2 +- metricbeat/modules.d/rabbitmq.yml.disabled | 2 +- metricbeat/modules.d/redis.yml.disabled | 2 +- metricbeat/modules.d/system.yml | 2 +- metricbeat/modules.d/traefik.yml.disabled | 2 +- metricbeat/modules.d/uwsgi.yml.disabled | 2 +- metricbeat/modules.d/vsphere.yml.disabled | 2 +- metricbeat/modules.d/windows.yml.disabled | 2 +- metricbeat/modules.d/zookeeper.yml.disabled | 2 +- x-pack/filebeat/modules.d/activemq.yml.disabled | 2 +- x-pack/filebeat/modules.d/aws.yml.disabled | 2 +- x-pack/filebeat/modules.d/awsfargate.yml.disabled | 2 +- x-pack/filebeat/modules.d/azure.yml.disabled | 2 +- x-pack/filebeat/modules.d/barracuda.yml.disabled | 2 +- x-pack/filebeat/modules.d/bluecoat.yml.disabled | 2 +- x-pack/filebeat/modules.d/cef.yml.disabled | 2 +- x-pack/filebeat/modules.d/checkpoint.yml.disabled | 2 +- x-pack/filebeat/modules.d/cisco.yml.disabled | 2 +- x-pack/filebeat/modules.d/coredns.yml.disabled | 2 +- x-pack/filebeat/modules.d/crowdstrike.yml.disabled | 2 +- x-pack/filebeat/modules.d/cyberarkpas.yml.disabled | 2 +- x-pack/filebeat/modules.d/cylance.yml.disabled | 2 +- x-pack/filebeat/modules.d/envoyproxy.yml.disabled | 2 +- x-pack/filebeat/modules.d/f5.yml.disabled | 2 +- x-pack/filebeat/modules.d/fortinet.yml.disabled | 2 +- x-pack/filebeat/modules.d/gcp.yml.disabled | 2 +- x-pack/filebeat/modules.d/google_workspace.yml.disabled | 2 +- x-pack/filebeat/modules.d/ibmmq.yml.disabled | 2 +- x-pack/filebeat/modules.d/imperva.yml.disabled | 2 +- x-pack/filebeat/modules.d/infoblox.yml.disabled | 2 +- x-pack/filebeat/modules.d/iptables.yml.disabled | 2 +- x-pack/filebeat/modules.d/juniper.yml.disabled | 2 +- x-pack/filebeat/modules.d/microsoft.yml.disabled | 2 +- x-pack/filebeat/modules.d/misp.yml.disabled | 2 +- x-pack/filebeat/modules.d/mssql.yml.disabled | 2 +- x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled | 2 +- x-pack/filebeat/modules.d/netflow.yml.disabled | 2 +- x-pack/filebeat/modules.d/netscout.yml.disabled | 2 +- x-pack/filebeat/modules.d/o365.yml.disabled | 2 +- x-pack/filebeat/modules.d/okta.yml.disabled | 2 +- x-pack/filebeat/modules.d/oracle.yml.disabled | 2 +- x-pack/filebeat/modules.d/panw.yml.disabled | 2 +- x-pack/filebeat/modules.d/proofpoint.yml.disabled | 2 +- x-pack/filebeat/modules.d/rabbitmq.yml.disabled | 2 +- x-pack/filebeat/modules.d/radware.yml.disabled | 2 +- x-pack/filebeat/modules.d/salesforce.yml.disabled | 2 +- x-pack/filebeat/modules.d/snort.yml.disabled | 2 +- x-pack/filebeat/modules.d/snyk.yml.disabled | 2 +- x-pack/filebeat/modules.d/sonicwall.yml.disabled | 2 +- x-pack/filebeat/modules.d/sophos.yml.disabled | 2 +- x-pack/filebeat/modules.d/squid.yml.disabled | 2 +- x-pack/filebeat/modules.d/suricata.yml.disabled | 2 +- x-pack/filebeat/modules.d/threatintel.yml.disabled | 2 +- x-pack/filebeat/modules.d/tomcat.yml.disabled | 2 +- x-pack/filebeat/modules.d/zeek.yml.disabled | 2 +- x-pack/filebeat/modules.d/zookeeper.yml.disabled | 2 +- x-pack/filebeat/modules.d/zoom.yml.disabled | 2 +- x-pack/filebeat/modules.d/zscaler.yml.disabled | 2 +- x-pack/metricbeat/modules.d/activemq.yml.disabled | 2 +- x-pack/metricbeat/modules.d/airflow.yml.disabled | 2 +- x-pack/metricbeat/modules.d/aws.yml.disabled | 2 +- x-pack/metricbeat/modules.d/awsfargate.yml.disabled | 2 +- x-pack/metricbeat/modules.d/azure.yml.disabled | 2 +- x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled | 2 +- x-pack/metricbeat/modules.d/cockroachdb.yml.disabled | 2 +- x-pack/metricbeat/modules.d/containerd.yml.disabled | 2 +- x-pack/metricbeat/modules.d/coredns.yml.disabled | 2 +- .../metricbeat/modules.d/enterprisesearch-xpack.yml.disabled | 2 +- x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled | 2 +- x-pack/metricbeat/modules.d/gcp.yml.disabled | 2 +- x-pack/metricbeat/modules.d/ibmmq.yml.disabled | 2 +- x-pack/metricbeat/modules.d/iis.yml.disabled | 2 +- x-pack/metricbeat/modules.d/istio.yml.disabled | 2 +- x-pack/metricbeat/modules.d/mssql.yml.disabled | 2 +- x-pack/metricbeat/modules.d/oracle.yml.disabled | 2 +- x-pack/metricbeat/modules.d/prometheus.yml.disabled | 2 +- x-pack/metricbeat/modules.d/redisenterprise.yml.disabled | 2 +- x-pack/metricbeat/modules.d/sql.yml.disabled | 2 +- x-pack/metricbeat/modules.d/stan.yml.disabled | 2 +- x-pack/metricbeat/modules.d/statsd.yml.disabled | 2 +- x-pack/metricbeat/modules.d/syncgateway.yml.disabled | 2 +- x-pack/metricbeat/modules.d/tomcat.yml.disabled | 2 +- 144 files changed, 145 insertions(+), 145 deletions(-) diff --git a/deploy/kubernetes/auditbeat-kubernetes.yaml b/deploy/kubernetes/auditbeat-kubernetes.yaml index c7d5beb201e..4983aa9b90c 100644 --- a/deploy/kubernetes/auditbeat-kubernetes.yaml +++ b/deploy/kubernetes/auditbeat-kubernetes.yaml @@ -205,7 +205,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: auditbeat - image: docker.elastic.co/beats/auditbeat:8.9.0 + image: docker.elastic.co/beats/auditbeat:8.10.0 args: [ "-c", "/etc/auditbeat.yml", "-e", diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml index a3a6c88dd18..230d6cd9ca8 100644 --- a/deploy/kubernetes/filebeat-kubernetes.yaml +++ b/deploy/kubernetes/filebeat-kubernetes.yaml @@ -167,7 +167,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: filebeat - image: docker.elastic.co/beats/filebeat:8.9.0 + image: docker.elastic.co/beats/filebeat:8.10.0 args: [ "-c", "/etc/filebeat.yml", "-e", diff --git a/deploy/kubernetes/heartbeat-kubernetes.yaml b/deploy/kubernetes/heartbeat-kubernetes.yaml index 4fef98d60e8..6b34ee106df 100644 --- a/deploy/kubernetes/heartbeat-kubernetes.yaml +++ b/deploy/kubernetes/heartbeat-kubernetes.yaml @@ -171,7 +171,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: heartbeat - image: docker.elastic.co/beats/heartbeat:8.9.0 + image: docker.elastic.co/beats/heartbeat:8.10.0 args: [ "-c", "/etc/heartbeat.yml", "-e", diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index 128ce0454ee..4879f43eecc 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -290,7 +290,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: metricbeat - image: docker.elastic.co/beats/metricbeat:8.9.0 + image: docker.elastic.co/beats/metricbeat:8.10.0 args: [ "-c", "/etc/metricbeat.yml", "-e", diff --git a/filebeat/modules.d/apache.yml.disabled b/filebeat/modules.d/apache.yml.disabled index d4fbc61659d..cd58ed77b3c 100644 --- a/filebeat/modules.d/apache.yml.disabled +++ b/filebeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-apache.html - module: apache # Access logs diff --git a/filebeat/modules.d/auditd.yml.disabled b/filebeat/modules.d/auditd.yml.disabled index 8bcedafdee9..b63d14ffc27 100644 --- a/filebeat/modules.d/auditd.yml.disabled +++ b/filebeat/modules.d/auditd.yml.disabled @@ -1,5 +1,5 @@ # Module: auditd -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-auditd.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-auditd.html - module: auditd log: diff --git a/filebeat/modules.d/elasticsearch.yml.disabled b/filebeat/modules.d/elasticsearch.yml.disabled index 75236f1a664..33ea085f784 100644 --- a/filebeat/modules.d/elasticsearch.yml.disabled +++ b/filebeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-elasticsearch.html - module: elasticsearch # Server log diff --git a/filebeat/modules.d/haproxy.yml.disabled b/filebeat/modules.d/haproxy.yml.disabled index 5863c5bbdf8..cb0a107fb5f 100644 --- a/filebeat/modules.d/haproxy.yml.disabled +++ b/filebeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-haproxy.html - module: haproxy # All logs diff --git a/filebeat/modules.d/icinga.yml.disabled b/filebeat/modules.d/icinga.yml.disabled index 10ab79616eb..1f0ba5e4de4 100644 --- a/filebeat/modules.d/icinga.yml.disabled +++ b/filebeat/modules.d/icinga.yml.disabled @@ -1,5 +1,5 @@ # Module: icinga -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-icinga.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-icinga.html - module: icinga # Main logs diff --git a/filebeat/modules.d/iis.yml.disabled b/filebeat/modules.d/iis.yml.disabled index 868fadedbb0..6be750c8701 100644 --- a/filebeat/modules.d/iis.yml.disabled +++ b/filebeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-iis.html - module: iis # Access logs diff --git a/filebeat/modules.d/kafka.yml.disabled b/filebeat/modules.d/kafka.yml.disabled index fd7b0013739..0cc4fbf9fe3 100644 --- a/filebeat/modules.d/kafka.yml.disabled +++ b/filebeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-kafka.html - module: kafka # All logs diff --git a/filebeat/modules.d/kibana.yml.disabled b/filebeat/modules.d/kibana.yml.disabled index bc34de819a5..5ade4bf1439 100644 --- a/filebeat/modules.d/kibana.yml.disabled +++ b/filebeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-kibana.html - module: kibana # Server logs diff --git a/filebeat/modules.d/logstash.yml.disabled b/filebeat/modules.d/logstash.yml.disabled index fe99eeabae4..501b8bc3321 100644 --- a/filebeat/modules.d/logstash.yml.disabled +++ b/filebeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-logstash.html - module: logstash # logs diff --git a/filebeat/modules.d/mongodb.yml.disabled b/filebeat/modules.d/mongodb.yml.disabled index ac31f64bed1..4180e598582 100644 --- a/filebeat/modules.d/mongodb.yml.disabled +++ b/filebeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mongodb.html - module: mongodb # All logs diff --git a/filebeat/modules.d/mysql.yml.disabled b/filebeat/modules.d/mysql.yml.disabled index dd5079648bc..b2c42d1f1cd 100644 --- a/filebeat/modules.d/mysql.yml.disabled +++ b/filebeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mysql.html - module: mysql # Error logs diff --git a/filebeat/modules.d/nats.yml.disabled b/filebeat/modules.d/nats.yml.disabled index 6074f499cad..2cfa45e5c19 100644 --- a/filebeat/modules.d/nats.yml.disabled +++ b/filebeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-nats.html - module: nats # All logs diff --git a/filebeat/modules.d/nginx.yml.disabled b/filebeat/modules.d/nginx.yml.disabled index 450b30c0e01..709e52630e9 100644 --- a/filebeat/modules.d/nginx.yml.disabled +++ b/filebeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-nginx.html - module: nginx # Access logs diff --git a/filebeat/modules.d/osquery.yml.disabled b/filebeat/modules.d/osquery.yml.disabled index 0740b774a52..2def611ecbb 100644 --- a/filebeat/modules.d/osquery.yml.disabled +++ b/filebeat/modules.d/osquery.yml.disabled @@ -1,5 +1,5 @@ # Module: osquery -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-osquery.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-osquery.html - module: osquery result: diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled index 1002b61bf3e..18a8b7d4efe 100644 --- a/filebeat/modules.d/pensando.yml.disabled +++ b/filebeat/modules.d/pensando.yml.disabled @@ -1,5 +1,5 @@ # Module: pensando -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-pensando.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-pensando.html - module: pensando # Firewall logs diff --git a/filebeat/modules.d/postgresql.yml.disabled b/filebeat/modules.d/postgresql.yml.disabled index 5df32fefc49..bec77dc84f7 100644 --- a/filebeat/modules.d/postgresql.yml.disabled +++ b/filebeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-postgresql.html - module: postgresql # All logs diff --git a/filebeat/modules.d/redis.yml.disabled b/filebeat/modules.d/redis.yml.disabled index dfec32f8849..31b022d2bc9 100644 --- a/filebeat/modules.d/redis.yml.disabled +++ b/filebeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-redis.html - module: redis # Main logs diff --git a/filebeat/modules.d/santa.yml.disabled b/filebeat/modules.d/santa.yml.disabled index 9655b1afb59..4707b903ce8 100644 --- a/filebeat/modules.d/santa.yml.disabled +++ b/filebeat/modules.d/santa.yml.disabled @@ -1,5 +1,5 @@ # Module: santa -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-santa.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-santa.html - module: santa log: diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index 4171c65f7ad..1302c6374da 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-system.html - module: system # Syslog diff --git a/filebeat/modules.d/traefik.yml.disabled b/filebeat/modules.d/traefik.yml.disabled index 440028cc182..cc65ce2de9c 100644 --- a/filebeat/modules.d/traefik.yml.disabled +++ b/filebeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-traefik.html - module: traefik # Access logs diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index a73f993a283..fb25df72fc5 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,5 +1,5 @@ -:stack-version: 8.9.0 -:doc-branch: master +:stack-version: 8.10.0 +:doc-branch: main :go-version: 1.19.10 :release-state: unreleased :python: 3.7 diff --git a/metricbeat/modules.d/aerospike.yml.disabled b/metricbeat/modules.d/aerospike.yml.disabled index a2fbdf83d2c..5294b90301e 100644 --- a/metricbeat/modules.d/aerospike.yml.disabled +++ b/metricbeat/modules.d/aerospike.yml.disabled @@ -1,5 +1,5 @@ # Module: aerospike -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-aerospike.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-aerospike.html - module: aerospike #metricsets: diff --git a/metricbeat/modules.d/apache.yml.disabled b/metricbeat/modules.d/apache.yml.disabled index 28e34fe429a..9c3adaa97d8 100644 --- a/metricbeat/modules.d/apache.yml.disabled +++ b/metricbeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-apache.html - module: apache #metricsets: diff --git a/metricbeat/modules.d/beat-xpack.yml.disabled b/metricbeat/modules.d/beat-xpack.yml.disabled index 0d254a465a1..98cd8c7edef 100644 --- a/metricbeat/modules.d/beat-xpack.yml.disabled +++ b/metricbeat/modules.d/beat-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-beat.html - module: beat xpack.enabled: true diff --git a/metricbeat/modules.d/beat.yml.disabled b/metricbeat/modules.d/beat.yml.disabled index af2907f77b4..cb26d83a5cf 100644 --- a/metricbeat/modules.d/beat.yml.disabled +++ b/metricbeat/modules.d/beat.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-beat.html - module: beat metricsets: diff --git a/metricbeat/modules.d/ceph-mgr.yml.disabled b/metricbeat/modules.d/ceph-mgr.yml.disabled index 84932d3f4c0..9d06114f79f 100644 --- a/metricbeat/modules.d/ceph-mgr.yml.disabled +++ b/metricbeat/modules.d/ceph-mgr.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ceph.html - module: ceph metricsets: diff --git a/metricbeat/modules.d/ceph.yml.disabled b/metricbeat/modules.d/ceph.yml.disabled index 7e875b274bd..550ea8fe6ea 100644 --- a/metricbeat/modules.d/ceph.yml.disabled +++ b/metricbeat/modules.d/ceph.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ceph.html - module: ceph #metricsets: diff --git a/metricbeat/modules.d/consul.yml.disabled b/metricbeat/modules.d/consul.yml.disabled index d9b9dc5085d..9344dd8c999 100644 --- a/metricbeat/modules.d/consul.yml.disabled +++ b/metricbeat/modules.d/consul.yml.disabled @@ -1,5 +1,5 @@ # Module: consul -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-consul.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-consul.html - module: consul metricsets: diff --git a/metricbeat/modules.d/couchbase.yml.disabled b/metricbeat/modules.d/couchbase.yml.disabled index fbb8a53b4ca..088f98b45c5 100644 --- a/metricbeat/modules.d/couchbase.yml.disabled +++ b/metricbeat/modules.d/couchbase.yml.disabled @@ -1,5 +1,5 @@ # Module: couchbase -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-couchbase.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-couchbase.html - module: couchbase #metricsets: diff --git a/metricbeat/modules.d/couchdb.yml.disabled b/metricbeat/modules.d/couchdb.yml.disabled index 265878fc9db..2a2eb9a5613 100644 --- a/metricbeat/modules.d/couchdb.yml.disabled +++ b/metricbeat/modules.d/couchdb.yml.disabled @@ -1,5 +1,5 @@ # Module: couchdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-couchdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-couchdb.html - module: couchdb metricsets: ["server"] diff --git a/metricbeat/modules.d/docker.yml.disabled b/metricbeat/modules.d/docker.yml.disabled index bf5950eb6e7..88af5d21288 100644 --- a/metricbeat/modules.d/docker.yml.disabled +++ b/metricbeat/modules.d/docker.yml.disabled @@ -1,5 +1,5 @@ # Module: docker -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-docker.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-docker.html - module: docker #metricsets: diff --git a/metricbeat/modules.d/dropwizard.yml.disabled b/metricbeat/modules.d/dropwizard.yml.disabled index 5baa6349452..1103a314d1d 100644 --- a/metricbeat/modules.d/dropwizard.yml.disabled +++ b/metricbeat/modules.d/dropwizard.yml.disabled @@ -1,5 +1,5 @@ # Module: dropwizard -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-dropwizard.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-dropwizard.html - module: dropwizard #metricsets: diff --git a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled index c7f57b84f54..d89c8b5d29b 100644 --- a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled +++ b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-elasticsearch.html - module: elasticsearch xpack.enabled: true diff --git a/metricbeat/modules.d/elasticsearch.yml.disabled b/metricbeat/modules.d/elasticsearch.yml.disabled index 271f927e301..aadd41d5946 100644 --- a/metricbeat/modules.d/elasticsearch.yml.disabled +++ b/metricbeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-elasticsearch.html - module: elasticsearch #metricsets: diff --git a/metricbeat/modules.d/envoyproxy.yml.disabled b/metricbeat/modules.d/envoyproxy.yml.disabled index 67d638f0b48..ca75daff085 100644 --- a/metricbeat/modules.d/envoyproxy.yml.disabled +++ b/metricbeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-envoyproxy.html - module: envoyproxy #metricsets: diff --git a/metricbeat/modules.d/etcd.yml.disabled b/metricbeat/modules.d/etcd.yml.disabled index 5a6fa8cd179..5aa30fb86e7 100644 --- a/metricbeat/modules.d/etcd.yml.disabled +++ b/metricbeat/modules.d/etcd.yml.disabled @@ -1,5 +1,5 @@ # Module: etcd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-etcd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-etcd.html - module: etcd #metricsets: diff --git a/metricbeat/modules.d/golang.yml.disabled b/metricbeat/modules.d/golang.yml.disabled index 8bb65e090e1..9f9e5624fa3 100644 --- a/metricbeat/modules.d/golang.yml.disabled +++ b/metricbeat/modules.d/golang.yml.disabled @@ -1,5 +1,5 @@ # Module: golang -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-golang.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-golang.html - module: golang #metricsets: diff --git a/metricbeat/modules.d/graphite.yml.disabled b/metricbeat/modules.d/graphite.yml.disabled index 78f7c32b304..3354715923c 100644 --- a/metricbeat/modules.d/graphite.yml.disabled +++ b/metricbeat/modules.d/graphite.yml.disabled @@ -1,5 +1,5 @@ # Module: graphite -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-graphite.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-graphite.html - module: graphite #metricsets: diff --git a/metricbeat/modules.d/haproxy.yml.disabled b/metricbeat/modules.d/haproxy.yml.disabled index 2c61ee0c55d..e95f687253d 100644 --- a/metricbeat/modules.d/haproxy.yml.disabled +++ b/metricbeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-haproxy.html - module: haproxy #metricsets: diff --git a/metricbeat/modules.d/http.yml.disabled b/metricbeat/modules.d/http.yml.disabled index 0ce5b5c0f85..63ebd2ee093 100644 --- a/metricbeat/modules.d/http.yml.disabled +++ b/metricbeat/modules.d/http.yml.disabled @@ -1,5 +1,5 @@ # Module: http -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-http.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-http.html - module: http #metricsets: diff --git a/metricbeat/modules.d/jolokia.yml.disabled b/metricbeat/modules.d/jolokia.yml.disabled index 2190273485f..b58782353ec 100644 --- a/metricbeat/modules.d/jolokia.yml.disabled +++ b/metricbeat/modules.d/jolokia.yml.disabled @@ -1,5 +1,5 @@ # Module: jolokia -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-jolokia.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-jolokia.html - module: jolokia #metricsets: ["jmx"] diff --git a/metricbeat/modules.d/kafka.yml.disabled b/metricbeat/modules.d/kafka.yml.disabled index 1e0db5d517b..afafa7e5a4c 100644 --- a/metricbeat/modules.d/kafka.yml.disabled +++ b/metricbeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kafka.html # Kafka metrics collected using the Kafka protocol - module: kafka diff --git a/metricbeat/modules.d/kibana-xpack.yml.disabled b/metricbeat/modules.d/kibana-xpack.yml.disabled index dd6b4d939a2..91471a7c212 100644 --- a/metricbeat/modules.d/kibana-xpack.yml.disabled +++ b/metricbeat/modules.d/kibana-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kibana.html - module: kibana xpack.enabled: true diff --git a/metricbeat/modules.d/kibana.yml.disabled b/metricbeat/modules.d/kibana.yml.disabled index 78f769cd65e..27ca4b1a05f 100644 --- a/metricbeat/modules.d/kibana.yml.disabled +++ b/metricbeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kibana.html - module: kibana #metricsets: diff --git a/metricbeat/modules.d/kubernetes.yml.disabled b/metricbeat/modules.d/kubernetes.yml.disabled index 02baebb8bb7..23bd210a835 100644 --- a/metricbeat/modules.d/kubernetes.yml.disabled +++ b/metricbeat/modules.d/kubernetes.yml.disabled @@ -1,5 +1,5 @@ # Module: kubernetes -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kubernetes.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kubernetes.html # Node metrics, from kubelet: - module: kubernetes diff --git a/metricbeat/modules.d/kvm.yml.disabled b/metricbeat/modules.d/kvm.yml.disabled index 8450e1afc6d..00e06354b0b 100644 --- a/metricbeat/modules.d/kvm.yml.disabled +++ b/metricbeat/modules.d/kvm.yml.disabled @@ -1,5 +1,5 @@ # Module: kvm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kvm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kvm.html - module: kvm #metricsets: diff --git a/metricbeat/modules.d/linux.yml.disabled b/metricbeat/modules.d/linux.yml.disabled index df7311017bf..2c28e8bcbd0 100644 --- a/metricbeat/modules.d/linux.yml.disabled +++ b/metricbeat/modules.d/linux.yml.disabled @@ -1,5 +1,5 @@ # Module: linux -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-linux.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-linux.html - module: linux period: 10s diff --git a/metricbeat/modules.d/logstash-xpack.yml.disabled b/metricbeat/modules.d/logstash-xpack.yml.disabled index db78289f2a8..b00f4479919 100644 --- a/metricbeat/modules.d/logstash-xpack.yml.disabled +++ b/metricbeat/modules.d/logstash-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-logstash.html - module: logstash xpack.enabled: true diff --git a/metricbeat/modules.d/logstash.yml.disabled b/metricbeat/modules.d/logstash.yml.disabled index 72ea8231ff4..90274a3c728 100644 --- a/metricbeat/modules.d/logstash.yml.disabled +++ b/metricbeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-logstash.html - module: logstash #metricsets: diff --git a/metricbeat/modules.d/memcached.yml.disabled b/metricbeat/modules.d/memcached.yml.disabled index 7037988cc35..0df976bb0bf 100644 --- a/metricbeat/modules.d/memcached.yml.disabled +++ b/metricbeat/modules.d/memcached.yml.disabled @@ -1,5 +1,5 @@ # Module: memcached -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-memcached.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-memcached.html - module: memcached # metricsets: ["stats"] diff --git a/metricbeat/modules.d/mongodb.yml.disabled b/metricbeat/modules.d/mongodb.yml.disabled index 0d4c26be4a5..48705eae39f 100644 --- a/metricbeat/modules.d/mongodb.yml.disabled +++ b/metricbeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mongodb.html - module: mongodb #metricsets: diff --git a/metricbeat/modules.d/munin.yml.disabled b/metricbeat/modules.d/munin.yml.disabled index d42b1d9919e..803d200561b 100644 --- a/metricbeat/modules.d/munin.yml.disabled +++ b/metricbeat/modules.d/munin.yml.disabled @@ -1,5 +1,5 @@ # Module: munin -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-munin.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-munin.html - module: munin #metricsets: diff --git a/metricbeat/modules.d/mysql.yml.disabled b/metricbeat/modules.d/mysql.yml.disabled index 2b3371b1890..2913f5af8bc 100644 --- a/metricbeat/modules.d/mysql.yml.disabled +++ b/metricbeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mysql.html - module: mysql #metricsets: diff --git a/metricbeat/modules.d/nats.yml.disabled b/metricbeat/modules.d/nats.yml.disabled index d398ac0be43..e1e751cdb49 100644 --- a/metricbeat/modules.d/nats.yml.disabled +++ b/metricbeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-nats.html - module: nats metricsets: diff --git a/metricbeat/modules.d/nginx.yml.disabled b/metricbeat/modules.d/nginx.yml.disabled index 786cc90edd6..40c3bea92e5 100644 --- a/metricbeat/modules.d/nginx.yml.disabled +++ b/metricbeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-nginx.html - module: nginx #metricsets: diff --git a/metricbeat/modules.d/openmetrics.yml.disabled b/metricbeat/modules.d/openmetrics.yml.disabled index ad933acedad..bebd339a1a2 100644 --- a/metricbeat/modules.d/openmetrics.yml.disabled +++ b/metricbeat/modules.d/openmetrics.yml.disabled @@ -1,5 +1,5 @@ # Module: openmetrics -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-openmetrics.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-openmetrics.html - module: openmetrics metricsets: ['collector'] diff --git a/metricbeat/modules.d/php_fpm.yml.disabled b/metricbeat/modules.d/php_fpm.yml.disabled index 08aaa3cc957..0ca2ac5c1df 100644 --- a/metricbeat/modules.d/php_fpm.yml.disabled +++ b/metricbeat/modules.d/php_fpm.yml.disabled @@ -1,5 +1,5 @@ # Module: php_fpm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-php_fpm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-php_fpm.html - module: php_fpm #metricsets: diff --git a/metricbeat/modules.d/postgresql.yml.disabled b/metricbeat/modules.d/postgresql.yml.disabled index 14ee2fc7aca..fe2e5858dfb 100644 --- a/metricbeat/modules.d/postgresql.yml.disabled +++ b/metricbeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-postgresql.html - module: postgresql #metricsets: diff --git a/metricbeat/modules.d/prometheus.yml.disabled b/metricbeat/modules.d/prometheus.yml.disabled index 82f45573931..f829e3d89da 100644 --- a/metricbeat/modules.d/prometheus.yml.disabled +++ b/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-prometheus.html # Metrics collected from a Prometheus endpoint - module: prometheus diff --git a/metricbeat/modules.d/rabbitmq.yml.disabled b/metricbeat/modules.d/rabbitmq.yml.disabled index ed0d8159571..b6967556f83 100644 --- a/metricbeat/modules.d/rabbitmq.yml.disabled +++ b/metricbeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-rabbitmq.html - module: rabbitmq #metricsets: diff --git a/metricbeat/modules.d/redis.yml.disabled b/metricbeat/modules.d/redis.yml.disabled index 303ede6f47d..99a7288e5ee 100644 --- a/metricbeat/modules.d/redis.yml.disabled +++ b/metricbeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-redis.html - module: redis #metricsets: diff --git a/metricbeat/modules.d/system.yml b/metricbeat/modules.d/system.yml index 3c511e77439..4123ea00f33 100644 --- a/metricbeat/modules.d/system.yml +++ b/metricbeat/modules.d/system.yml @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-system.html - module: system period: 10s diff --git a/metricbeat/modules.d/traefik.yml.disabled b/metricbeat/modules.d/traefik.yml.disabled index 35326a4ec4a..b186538f4e1 100644 --- a/metricbeat/modules.d/traefik.yml.disabled +++ b/metricbeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-traefik.html - module: traefik metricsets: ["health"] diff --git a/metricbeat/modules.d/uwsgi.yml.disabled b/metricbeat/modules.d/uwsgi.yml.disabled index f758061b65a..7ac6322064c 100644 --- a/metricbeat/modules.d/uwsgi.yml.disabled +++ b/metricbeat/modules.d/uwsgi.yml.disabled @@ -1,5 +1,5 @@ # Module: uwsgi -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-uwsgi.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-uwsgi.html - module: uwsgi #metricsets: diff --git a/metricbeat/modules.d/vsphere.yml.disabled b/metricbeat/modules.d/vsphere.yml.disabled index c56a9b1ac33..874b3b5b2e8 100644 --- a/metricbeat/modules.d/vsphere.yml.disabled +++ b/metricbeat/modules.d/vsphere.yml.disabled @@ -1,5 +1,5 @@ # Module: vsphere -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-vsphere.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-vsphere.html - module: vsphere #metricsets: diff --git a/metricbeat/modules.d/windows.yml.disabled b/metricbeat/modules.d/windows.yml.disabled index 717e52655a2..afe1af59311 100644 --- a/metricbeat/modules.d/windows.yml.disabled +++ b/metricbeat/modules.d/windows.yml.disabled @@ -1,5 +1,5 @@ # Module: windows -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-windows.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-windows.html - module: windows metricsets: diff --git a/metricbeat/modules.d/zookeeper.yml.disabled b/metricbeat/modules.d/zookeeper.yml.disabled index 7d44efb938e..f8d16c527a6 100644 --- a/metricbeat/modules.d/zookeeper.yml.disabled +++ b/metricbeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-zookeeper.html - module: zookeeper #metricsets: diff --git a/x-pack/filebeat/modules.d/activemq.yml.disabled b/x-pack/filebeat/modules.d/activemq.yml.disabled index 82c70b16947..e19824686ae 100644 --- a/x-pack/filebeat/modules.d/activemq.yml.disabled +++ b/x-pack/filebeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-activemq.html - module: activemq # Audit logs diff --git a/x-pack/filebeat/modules.d/aws.yml.disabled b/x-pack/filebeat/modules.d/aws.yml.disabled index 6a49839c116..c730b8aea07 100644 --- a/x-pack/filebeat/modules.d/aws.yml.disabled +++ b/x-pack/filebeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-aws.html - module: aws cloudtrail: diff --git a/x-pack/filebeat/modules.d/awsfargate.yml.disabled b/x-pack/filebeat/modules.d/awsfargate.yml.disabled index 57a5e419135..c2e96fd2f93 100644 --- a/x-pack/filebeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/filebeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-awsfargate.html - module: awsfargate log: diff --git a/x-pack/filebeat/modules.d/azure.yml.disabled b/x-pack/filebeat/modules.d/azure.yml.disabled index 04fe209e3f7..97eb4b9e461 100644 --- a/x-pack/filebeat/modules.d/azure.yml.disabled +++ b/x-pack/filebeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-azure.html - module: azure # All logs diff --git a/x-pack/filebeat/modules.d/barracuda.yml.disabled b/x-pack/filebeat/modules.d/barracuda.yml.disabled index 6327b8d6a75..3926a2fec96 100644 --- a/x-pack/filebeat/modules.d/barracuda.yml.disabled +++ b/x-pack/filebeat/modules.d/barracuda.yml.disabled @@ -1,5 +1,5 @@ # Module: barracuda -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-barracuda.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-barracuda.html - module: barracuda waf: diff --git a/x-pack/filebeat/modules.d/bluecoat.yml.disabled b/x-pack/filebeat/modules.d/bluecoat.yml.disabled index 98a4cef099b..28badfd0def 100644 --- a/x-pack/filebeat/modules.d/bluecoat.yml.disabled +++ b/x-pack/filebeat/modules.d/bluecoat.yml.disabled @@ -1,5 +1,5 @@ # Module: bluecoat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-bluecoat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-bluecoat.html - module: bluecoat director: diff --git a/x-pack/filebeat/modules.d/cef.yml.disabled b/x-pack/filebeat/modules.d/cef.yml.disabled index cda083f4a5e..1834c8f4dba 100644 --- a/x-pack/filebeat/modules.d/cef.yml.disabled +++ b/x-pack/filebeat/modules.d/cef.yml.disabled @@ -1,5 +1,5 @@ # Module: cef -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cef.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cef.html - module: cef log: diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled index 62d30a992b7..595beccdbff 100644 --- a/x-pack/filebeat/modules.d/checkpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/checkpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: checkpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-checkpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-checkpoint.html - module: checkpoint firewall: diff --git a/x-pack/filebeat/modules.d/cisco.yml.disabled b/x-pack/filebeat/modules.d/cisco.yml.disabled index 6bc846f93f6..b2aca39798e 100644 --- a/x-pack/filebeat/modules.d/cisco.yml.disabled +++ b/x-pack/filebeat/modules.d/cisco.yml.disabled @@ -1,5 +1,5 @@ # Module: cisco -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cisco.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cisco.html - module: cisco asa: diff --git a/x-pack/filebeat/modules.d/coredns.yml.disabled b/x-pack/filebeat/modules.d/coredns.yml.disabled index fb7e9995130..bfcc3bba412 100644 --- a/x-pack/filebeat/modules.d/coredns.yml.disabled +++ b/x-pack/filebeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-coredns.html - module: coredns # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled index aea362f2e40..8f30c4ed899 100644 --- a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled +++ b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled @@ -1,5 +1,5 @@ # Module: crowdstrike -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-crowdstrike.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-crowdstrike.html - module: crowdstrike diff --git a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled index f2168e9d453..8b4ddf9b814 100644 --- a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled +++ b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled @@ -1,5 +1,5 @@ # Module: cyberarkpas -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cyberarkpas.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cyberarkpas.html - module: cyberarkpas audit: diff --git a/x-pack/filebeat/modules.d/cylance.yml.disabled b/x-pack/filebeat/modules.d/cylance.yml.disabled index 164642f0738..48cbb166e82 100644 --- a/x-pack/filebeat/modules.d/cylance.yml.disabled +++ b/x-pack/filebeat/modules.d/cylance.yml.disabled @@ -1,5 +1,5 @@ # Module: cylance -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cylance.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cylance.html - module: cylance protect: diff --git a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled index d95316b3c30..b06026cc061 100644 --- a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled +++ b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-envoyproxy.html - module: envoyproxy # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/f5.yml.disabled b/x-pack/filebeat/modules.d/f5.yml.disabled index 4db5209693d..cb9399134fe 100644 --- a/x-pack/filebeat/modules.d/f5.yml.disabled +++ b/x-pack/filebeat/modules.d/f5.yml.disabled @@ -1,5 +1,5 @@ # Module: f5 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-f5.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-f5.html - module: f5 bigipapm: diff --git a/x-pack/filebeat/modules.d/fortinet.yml.disabled b/x-pack/filebeat/modules.d/fortinet.yml.disabled index e31eb967d73..a07a18bca93 100644 --- a/x-pack/filebeat/modules.d/fortinet.yml.disabled +++ b/x-pack/filebeat/modules.d/fortinet.yml.disabled @@ -1,5 +1,5 @@ # Module: fortinet -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-fortinet.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-fortinet.html - module: fortinet firewall: diff --git a/x-pack/filebeat/modules.d/gcp.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled index b0b5f636b10..601be53f69b 100644 --- a/x-pack/filebeat/modules.d/gcp.yml.disabled +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-gcp.html - module: gcp vpcflow: diff --git a/x-pack/filebeat/modules.d/google_workspace.yml.disabled b/x-pack/filebeat/modules.d/google_workspace.yml.disabled index 85142dfcaf0..a079e429f84 100644 --- a/x-pack/filebeat/modules.d/google_workspace.yml.disabled +++ b/x-pack/filebeat/modules.d/google_workspace.yml.disabled @@ -1,5 +1,5 @@ # Module: google_workspace -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-google_workspace.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-google_workspace.html - module: google_workspace saml: diff --git a/x-pack/filebeat/modules.d/ibmmq.yml.disabled b/x-pack/filebeat/modules.d/ibmmq.yml.disabled index 4ad3209a90e..fd19cafb3c9 100644 --- a/x-pack/filebeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/filebeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-ibmmq.html - module: ibmmq # All logs diff --git a/x-pack/filebeat/modules.d/imperva.yml.disabled b/x-pack/filebeat/modules.d/imperva.yml.disabled index cd864075960..e6616398303 100644 --- a/x-pack/filebeat/modules.d/imperva.yml.disabled +++ b/x-pack/filebeat/modules.d/imperva.yml.disabled @@ -1,5 +1,5 @@ # Module: imperva -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-imperva.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-imperva.html - module: imperva securesphere: diff --git a/x-pack/filebeat/modules.d/infoblox.yml.disabled b/x-pack/filebeat/modules.d/infoblox.yml.disabled index 24d524d259d..910a896d12a 100644 --- a/x-pack/filebeat/modules.d/infoblox.yml.disabled +++ b/x-pack/filebeat/modules.d/infoblox.yml.disabled @@ -1,5 +1,5 @@ # Module: infoblox -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-infoblox.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-infoblox.html - module: infoblox nios: diff --git a/x-pack/filebeat/modules.d/iptables.yml.disabled b/x-pack/filebeat/modules.d/iptables.yml.disabled index 2d51c67f24e..a4c73b7a04a 100644 --- a/x-pack/filebeat/modules.d/iptables.yml.disabled +++ b/x-pack/filebeat/modules.d/iptables.yml.disabled @@ -1,5 +1,5 @@ # Module: iptables -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-iptables.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-iptables.html - module: iptables log: diff --git a/x-pack/filebeat/modules.d/juniper.yml.disabled b/x-pack/filebeat/modules.d/juniper.yml.disabled index 583f47bb7f7..5fb85afc302 100644 --- a/x-pack/filebeat/modules.d/juniper.yml.disabled +++ b/x-pack/filebeat/modules.d/juniper.yml.disabled @@ -1,5 +1,5 @@ # Module: juniper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-juniper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-juniper.html - module: juniper junos: diff --git a/x-pack/filebeat/modules.d/microsoft.yml.disabled b/x-pack/filebeat/modules.d/microsoft.yml.disabled index e4af73ad6ed..4c5528f5b76 100644 --- a/x-pack/filebeat/modules.d/microsoft.yml.disabled +++ b/x-pack/filebeat/modules.d/microsoft.yml.disabled @@ -1,5 +1,5 @@ # Module: microsoft -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-microsoft.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-microsoft.html - module: microsoft # ATP configuration diff --git a/x-pack/filebeat/modules.d/misp.yml.disabled b/x-pack/filebeat/modules.d/misp.yml.disabled index 4e405aaac70..28ca6608367 100644 --- a/x-pack/filebeat/modules.d/misp.yml.disabled +++ b/x-pack/filebeat/modules.d/misp.yml.disabled @@ -1,5 +1,5 @@ # Module: misp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-misp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-misp.html # Deprecated in 7.14.0: Recommended to migrate to the Threat Intel module. diff --git a/x-pack/filebeat/modules.d/mssql.yml.disabled b/x-pack/filebeat/modules.d/mssql.yml.disabled index c8473c91dd5..ee3f225a941 100644 --- a/x-pack/filebeat/modules.d/mssql.yml.disabled +++ b/x-pack/filebeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mssql.html - module: mssql # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled index 33c1731cd19..50e8860671f 100644 --- a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled +++ b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: mysqlenterprise -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mysqlenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mysqlenterprise.html - module: mysqlenterprise audit: diff --git a/x-pack/filebeat/modules.d/netflow.yml.disabled b/x-pack/filebeat/modules.d/netflow.yml.disabled index 7f365e90b43..b2584b16890 100644 --- a/x-pack/filebeat/modules.d/netflow.yml.disabled +++ b/x-pack/filebeat/modules.d/netflow.yml.disabled @@ -1,5 +1,5 @@ # Module: netflow -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-netflow.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-netflow.html - module: netflow log: diff --git a/x-pack/filebeat/modules.d/netscout.yml.disabled b/x-pack/filebeat/modules.d/netscout.yml.disabled index c6d5520629b..6a0e4c0dce6 100644 --- a/x-pack/filebeat/modules.d/netscout.yml.disabled +++ b/x-pack/filebeat/modules.d/netscout.yml.disabled @@ -1,5 +1,5 @@ # Module: netscout -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-netscout.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-netscout.html - module: netscout sightline: diff --git a/x-pack/filebeat/modules.d/o365.yml.disabled b/x-pack/filebeat/modules.d/o365.yml.disabled index ab61528d6f9..99724949b39 100644 --- a/x-pack/filebeat/modules.d/o365.yml.disabled +++ b/x-pack/filebeat/modules.d/o365.yml.disabled @@ -1,5 +1,5 @@ # Module: o365 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-o365.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-o365.html - module: o365 audit: diff --git a/x-pack/filebeat/modules.d/okta.yml.disabled b/x-pack/filebeat/modules.d/okta.yml.disabled index 062856ce4e4..13706b240d2 100644 --- a/x-pack/filebeat/modules.d/okta.yml.disabled +++ b/x-pack/filebeat/modules.d/okta.yml.disabled @@ -1,5 +1,5 @@ # Module: okta -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-okta.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-okta.html - module: okta system: diff --git a/x-pack/filebeat/modules.d/oracle.yml.disabled b/x-pack/filebeat/modules.d/oracle.yml.disabled index aa24b1f6755..c74c5f889f8 100644 --- a/x-pack/filebeat/modules.d/oracle.yml.disabled +++ b/x-pack/filebeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-oracle.html - module: oracle database_audit: diff --git a/x-pack/filebeat/modules.d/panw.yml.disabled b/x-pack/filebeat/modules.d/panw.yml.disabled index 1a630f8fb4e..93b9a683603 100644 --- a/x-pack/filebeat/modules.d/panw.yml.disabled +++ b/x-pack/filebeat/modules.d/panw.yml.disabled @@ -1,5 +1,5 @@ # Module: panw -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-panw.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-panw.html - module: panw panos: diff --git a/x-pack/filebeat/modules.d/proofpoint.yml.disabled b/x-pack/filebeat/modules.d/proofpoint.yml.disabled index 34b31277086..2c5dfec92e5 100644 --- a/x-pack/filebeat/modules.d/proofpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/proofpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: proofpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-proofpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-proofpoint.html - module: proofpoint emailsecurity: diff --git a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled index 437cf9a5721..2b2171f86d0 100644 --- a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled +++ b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-rabbitmq.html - module: rabbitmq # All logs diff --git a/x-pack/filebeat/modules.d/radware.yml.disabled b/x-pack/filebeat/modules.d/radware.yml.disabled index 553d8459127..fe39a7b805e 100644 --- a/x-pack/filebeat/modules.d/radware.yml.disabled +++ b/x-pack/filebeat/modules.d/radware.yml.disabled @@ -1,5 +1,5 @@ # Module: radware -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-radware.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-radware.html - module: radware defensepro: diff --git a/x-pack/filebeat/modules.d/salesforce.yml.disabled b/x-pack/filebeat/modules.d/salesforce.yml.disabled index 93d04365a86..8535b30f006 100644 --- a/x-pack/filebeat/modules.d/salesforce.yml.disabled +++ b/x-pack/filebeat/modules.d/salesforce.yml.disabled @@ -1,5 +1,5 @@ # Module: salesforce -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-salesforce.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-salesforce.html - module: salesforce diff --git a/x-pack/filebeat/modules.d/snort.yml.disabled b/x-pack/filebeat/modules.d/snort.yml.disabled index 89d25c4b556..d8befbb7d7c 100644 --- a/x-pack/filebeat/modules.d/snort.yml.disabled +++ b/x-pack/filebeat/modules.d/snort.yml.disabled @@ -1,5 +1,5 @@ # Module: snort -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-snort.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-snort.html - module: snort log: diff --git a/x-pack/filebeat/modules.d/snyk.yml.disabled b/x-pack/filebeat/modules.d/snyk.yml.disabled index f92cf1d71f0..ab6b379f389 100644 --- a/x-pack/filebeat/modules.d/snyk.yml.disabled +++ b/x-pack/filebeat/modules.d/snyk.yml.disabled @@ -1,5 +1,5 @@ # Module: snyk -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-snyk.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-snyk.html - module: snyk audit: diff --git a/x-pack/filebeat/modules.d/sonicwall.yml.disabled b/x-pack/filebeat/modules.d/sonicwall.yml.disabled index f267d355b37..cf0706bdd81 100644 --- a/x-pack/filebeat/modules.d/sonicwall.yml.disabled +++ b/x-pack/filebeat/modules.d/sonicwall.yml.disabled @@ -1,5 +1,5 @@ # Module: sonicwall -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-sonicwall.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-sonicwall.html - module: sonicwall firewall: diff --git a/x-pack/filebeat/modules.d/sophos.yml.disabled b/x-pack/filebeat/modules.d/sophos.yml.disabled index e875354ad62..42aa513de7e 100644 --- a/x-pack/filebeat/modules.d/sophos.yml.disabled +++ b/x-pack/filebeat/modules.d/sophos.yml.disabled @@ -1,5 +1,5 @@ # Module: sophos -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-sophos.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-sophos.html - module: sophos xg: diff --git a/x-pack/filebeat/modules.d/squid.yml.disabled b/x-pack/filebeat/modules.d/squid.yml.disabled index 81d5f6e0af0..bc34fdcb5a6 100644 --- a/x-pack/filebeat/modules.d/squid.yml.disabled +++ b/x-pack/filebeat/modules.d/squid.yml.disabled @@ -1,5 +1,5 @@ # Module: squid -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-squid.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-squid.html - module: squid log: diff --git a/x-pack/filebeat/modules.d/suricata.yml.disabled b/x-pack/filebeat/modules.d/suricata.yml.disabled index 98e905fff23..14b1855a058 100644 --- a/x-pack/filebeat/modules.d/suricata.yml.disabled +++ b/x-pack/filebeat/modules.d/suricata.yml.disabled @@ -1,5 +1,5 @@ # Module: suricata -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-suricata.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-suricata.html - module: suricata # All logs diff --git a/x-pack/filebeat/modules.d/threatintel.yml.disabled b/x-pack/filebeat/modules.d/threatintel.yml.disabled index 717de295f33..d5a0365f40c 100644 --- a/x-pack/filebeat/modules.d/threatintel.yml.disabled +++ b/x-pack/filebeat/modules.d/threatintel.yml.disabled @@ -1,5 +1,5 @@ # Module: threatintel -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-threatintel.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-threatintel.html - module: threatintel abuseurl: diff --git a/x-pack/filebeat/modules.d/tomcat.yml.disabled b/x-pack/filebeat/modules.d/tomcat.yml.disabled index dc7a8d7eadd..1fda24706e3 100644 --- a/x-pack/filebeat/modules.d/tomcat.yml.disabled +++ b/x-pack/filebeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-tomcat.html - module: tomcat log: diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 2ceeeea911d..4017a6e3997 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -1,5 +1,5 @@ # Module: zeek -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zeek.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zeek.html - module: zeek capture_loss: diff --git a/x-pack/filebeat/modules.d/zookeeper.yml.disabled b/x-pack/filebeat/modules.d/zookeeper.yml.disabled index f632c0de9e7..a2cb2977935 100644 --- a/x-pack/filebeat/modules.d/zookeeper.yml.disabled +++ b/x-pack/filebeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zookeeper.html - module: zookeeper # All logs diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled index b7a5bc35a00..8fb6dffcaff 100644 --- a/x-pack/filebeat/modules.d/zoom.yml.disabled +++ b/x-pack/filebeat/modules.d/zoom.yml.disabled @@ -1,5 +1,5 @@ # Module: zoom -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zoom.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zoom.html - module: zoom webhook: diff --git a/x-pack/filebeat/modules.d/zscaler.yml.disabled b/x-pack/filebeat/modules.d/zscaler.yml.disabled index 732a033073b..8ca0cea079c 100644 --- a/x-pack/filebeat/modules.d/zscaler.yml.disabled +++ b/x-pack/filebeat/modules.d/zscaler.yml.disabled @@ -1,5 +1,5 @@ # Module: zscaler -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zscaler.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zscaler.html - module: zscaler zia: diff --git a/x-pack/metricbeat/modules.d/activemq.yml.disabled b/x-pack/metricbeat/modules.d/activemq.yml.disabled index 33716db01c9..de0ecb7c79f 100644 --- a/x-pack/metricbeat/modules.d/activemq.yml.disabled +++ b/x-pack/metricbeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-activemq.html - module: activemq metricsets: ['broker', 'queue', 'topic'] diff --git a/x-pack/metricbeat/modules.d/airflow.yml.disabled b/x-pack/metricbeat/modules.d/airflow.yml.disabled index 010b1daadd8..e874fcf7db0 100644 --- a/x-pack/metricbeat/modules.d/airflow.yml.disabled +++ b/x-pack/metricbeat/modules.d/airflow.yml.disabled @@ -1,5 +1,5 @@ # Module: airflow -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-airflow.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-airflow.html - module: airflow host: "localhost" diff --git a/x-pack/metricbeat/modules.d/aws.yml.disabled b/x-pack/metricbeat/modules.d/aws.yml.disabled index 3fc7c43a108..ddd36a4c326 100644 --- a/x-pack/metricbeat/modules.d/aws.yml.disabled +++ b/x-pack/metricbeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-aws.html - module: aws period: 1m diff --git a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled index b2b91f06ee4..81c34f5759d 100644 --- a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-awsfargate.html - module: awsfargate period: 10s diff --git a/x-pack/metricbeat/modules.d/azure.yml.disabled b/x-pack/metricbeat/modules.d/azure.yml.disabled index 10d00e003cf..e42f064618a 100644 --- a/x-pack/metricbeat/modules.d/azure.yml.disabled +++ b/x-pack/metricbeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-azure.html - module: azure metricsets: diff --git a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled index 22a600e51d8..e082545a78d 100644 --- a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled +++ b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled @@ -1,5 +1,5 @@ # Module: cloudfoundry -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-cloudfoundry.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-cloudfoundry.html - module: cloudfoundry metricsets: diff --git a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled index 5b0a48e86bb..198fb66f8d8 100644 --- a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled +++ b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled @@ -1,5 +1,5 @@ # Module: cockroachdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-cockroachdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-cockroachdb.html - module: cockroachdb metricsets: ['status'] diff --git a/x-pack/metricbeat/modules.d/containerd.yml.disabled b/x-pack/metricbeat/modules.d/containerd.yml.disabled index f21b32139eb..20b03cd9e50 100644 --- a/x-pack/metricbeat/modules.d/containerd.yml.disabled +++ b/x-pack/metricbeat/modules.d/containerd.yml.disabled @@ -1,5 +1,5 @@ # Module: containerd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-containerd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-containerd.html - module: containerd metricsets: ["cpu", "memory", "blkio"] diff --git a/x-pack/metricbeat/modules.d/coredns.yml.disabled b/x-pack/metricbeat/modules.d/coredns.yml.disabled index 644a62bc4b7..60e8b71c32c 100644 --- a/x-pack/metricbeat/modules.d/coredns.yml.disabled +++ b/x-pack/metricbeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-coredns.html - module: coredns metricsets: ["stats"] diff --git a/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled b/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled index e42dde843c2..0af7916573a 100644 --- a/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled +++ b/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: enterprisesearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-enterprisesearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-enterprisesearch.html - module: enterprisesearch xpack.enabled: true diff --git a/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled b/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled index 241791cc203..122e56b627b 100644 --- a/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled +++ b/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled @@ -1,5 +1,5 @@ # Module: enterprisesearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-enterprisesearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-enterprisesearch.html - module: enterprisesearch metricsets: ["health", "stats"] diff --git a/x-pack/metricbeat/modules.d/gcp.yml.disabled b/x-pack/metricbeat/modules.d/gcp.yml.disabled index 4a42e04b311..f79e1607a45 100644 --- a/x-pack/metricbeat/modules.d/gcp.yml.disabled +++ b/x-pack/metricbeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-gcp.html - module: gcp metricsets: diff --git a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled index a2fdf552f1c..43940532263 100644 --- a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ibmmq.html - module: ibmmq metricsets: ['qmgr'] diff --git a/x-pack/metricbeat/modules.d/iis.yml.disabled b/x-pack/metricbeat/modules.d/iis.yml.disabled index f81d67eedff..19f348a2875 100644 --- a/x-pack/metricbeat/modules.d/iis.yml.disabled +++ b/x-pack/metricbeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-iis.html - module: iis metricsets: diff --git a/x-pack/metricbeat/modules.d/istio.yml.disabled b/x-pack/metricbeat/modules.d/istio.yml.disabled index 55c2a1d715a..ccb0884610a 100644 --- a/x-pack/metricbeat/modules.d/istio.yml.disabled +++ b/x-pack/metricbeat/modules.d/istio.yml.disabled @@ -1,5 +1,5 @@ # Module: istio -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-istio.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-istio.html # Istio mesh. To collect all Mixer-generated metrics. For versions of Istio prior to 1.5. - module: istio diff --git a/x-pack/metricbeat/modules.d/mssql.yml.disabled b/x-pack/metricbeat/modules.d/mssql.yml.disabled index 12eff0522ee..fbbb7bad8fc 100644 --- a/x-pack/metricbeat/modules.d/mssql.yml.disabled +++ b/x-pack/metricbeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mssql.html - module: mssql metricsets: diff --git a/x-pack/metricbeat/modules.d/oracle.yml.disabled b/x-pack/metricbeat/modules.d/oracle.yml.disabled index 99d59eb2c3a..445924b61ea 100644 --- a/x-pack/metricbeat/modules.d/oracle.yml.disabled +++ b/x-pack/metricbeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-oracle.html # Module: oracle diff --git a/x-pack/metricbeat/modules.d/prometheus.yml.disabled b/x-pack/metricbeat/modules.d/prometheus.yml.disabled index d6e00936b2a..11cc449ba47 100644 --- a/x-pack/metricbeat/modules.d/prometheus.yml.disabled +++ b/x-pack/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-prometheus.html - module: prometheus period: 10s diff --git a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled index c3121d7c2fb..350843a88e9 100644 --- a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled +++ b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: redisenterprise -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-redisenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-redisenterprise.html - module: redisenterprise metricsets: diff --git a/x-pack/metricbeat/modules.d/sql.yml.disabled b/x-pack/metricbeat/modules.d/sql.yml.disabled index 5663e03b1ef..f45644b0b11 100644 --- a/x-pack/metricbeat/modules.d/sql.yml.disabled +++ b/x-pack/metricbeat/modules.d/sql.yml.disabled @@ -1,5 +1,5 @@ # Module: sql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-sql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-sql.html - module: sql metricsets: diff --git a/x-pack/metricbeat/modules.d/stan.yml.disabled b/x-pack/metricbeat/modules.d/stan.yml.disabled index 0f93c0f5a0c..b3f19229874 100644 --- a/x-pack/metricbeat/modules.d/stan.yml.disabled +++ b/x-pack/metricbeat/modules.d/stan.yml.disabled @@ -1,5 +1,5 @@ # Module: stan -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-stan.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-stan.html - module: stan metricsets: ["stats", "subscriptions", "channels"] diff --git a/x-pack/metricbeat/modules.d/statsd.yml.disabled b/x-pack/metricbeat/modules.d/statsd.yml.disabled index ced946c242f..16712fd96b3 100644 --- a/x-pack/metricbeat/modules.d/statsd.yml.disabled +++ b/x-pack/metricbeat/modules.d/statsd.yml.disabled @@ -1,5 +1,5 @@ # Module: statsd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-statsd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-statsd.html - module: statsd host: "localhost" diff --git a/x-pack/metricbeat/modules.d/syncgateway.yml.disabled b/x-pack/metricbeat/modules.d/syncgateway.yml.disabled index 54c42a11809..f37b367c959 100644 --- a/x-pack/metricbeat/modules.d/syncgateway.yml.disabled +++ b/x-pack/metricbeat/modules.d/syncgateway.yml.disabled @@ -1,5 +1,5 @@ # Module: syncgateway -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-syncgateway.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-syncgateway.html - module: syncgateway metricsets: diff --git a/x-pack/metricbeat/modules.d/tomcat.yml.disabled b/x-pack/metricbeat/modules.d/tomcat.yml.disabled index 58a9a4038f7..623f5a888d5 100644 --- a/x-pack/metricbeat/modules.d/tomcat.yml.disabled +++ b/x-pack/metricbeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-tomcat.html - module: tomcat metricsets: ['threading', 'cache', 'memory', 'requests'] From f60c665d64769536d89505f7f3d18516476c6034 Mon Sep 17 00:00:00 2001 From: Kush Rana <89848966+kush-elastic@users.noreply.github.com> Date: Wed, 26 Jul 2023 13:58:05 +0530 Subject: [PATCH 7/7] Add CODEOWNER for salesforce as obs-infraobs-integrations (#36160) --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 13edaaaf091..2ee0bafb361 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -155,6 +155,7 @@ CHANGELOG* /x-pack/filebeat/module/proofpoint @elastic/security-external-integrations /x-pack/filebeat/module/rabbitmq @elastic/obs-infraobs-integrations /x-pack/filebeat/module/radware @elastic/security-external-integrations +/x-pack/filebeat/module/salesforce @elastic/obs-infraobs-integrations /x-pack/filebeat/module/snort @elastic/security-external-integrations /x-pack/filebeat/module/snyk @elastic/security-external-integrations /x-pack/filebeat/module/sonicwall @elastic/security-external-integrations