From 6d35a7fe810dbefd73b606d75f28122bf2871f1a Mon Sep 17 00:00:00 2001 
From: apmmachine Date: Tue, 18 Jul 2023 10:06:03 +0000 Subject: [PATCH] [automation] Publish kubernetes templates for elastic-agent --- .../templates.d/activemq.yml | 2 + .../templates.d/apache.yml | 3 + .../templates.d/cassandra.yml | 2 + .../templates.d/cef.yml | 41 +++---- .../templates.d/checkpoint.yml | 3 + .../templates.d/cockroachdb.yml | 2 + .../templates.d/crowdstrike.yml | 62 +++++------ .../templates.d/cyberarkpas.yml | 3 + .../templates.d/elasticsearch.yml | 2 + .../templates.d/endpoint.yml | 1 + .../templates.d/fireeye.yml | 3 + .../templates.d/haproxy.yml | 3 + .../templates.d/hashicorp_vault.yml | 3 + .../templates.d/hid_bravura_monitor.yml | 2 + .../templates.d/iis.yml | 2 + .../templates.d/infoblox_nios.yml | 45 ++++---- .../templates.d/iptables.yml | 33 +++--- .../templates.d/kafka.yml | 2 + .../templates.d/keycloak.yml | 1 + .../templates.d/kibana.yml | 73 +++++++------ .../templates.d/log.yml | 1 + .../templates.d/logstash.yml | 2 + .../templates.d/mattermost.yml | 1 + .../templates.d/microsoft_sqlserver.yml | 27 ++--- .../templates.d/mimecast.yml | 2 + .../templates.d/modsecurity.yml | 1 + .../templates.d/mongodb.yml | 6 +- .../templates.d/mysql.yml | 78 +++++++------- .../templates.d/mysql_enterprise.yml | 1 + .../templates.d/nats.yml | 46 ++++---- .../templates.d/netflow.yml | 2 + .../templates.d/nginx.yml | 101 +++++++++--------- .../templates.d/nginx_ingress_controller.yml | 1 + .../templates.d/oracle.yml | 54 +++++----- .../templates.d/panw.yml | 3 + .../templates.d/panw_cortex_xdr.yml | 2 + .../templates.d/pfsense.yml | 41 +++---- .../templates.d/postgresql.yml | 2 + .../templates.d/prometheus.yml | 6 +- .../templates.d/qnap_nas.yml | 3 + .../templates.d/rabbitmq.yml | 58 +++++----- .../templates.d/redis.yml | 75 ++++++------- .../templates.d/santa.yml | 1 + .../templates.d/security_detection_engine.yml | 1 + .../templates.d/sentinel_one.yml | 2 + .../templates.d/snort.yml | 2 + .../templates.d/snyk.yml | 2 + .../templates.d/stan.yml | 2 
+ .../templates.d/suricata.yml | 1 + .../templates.d/symantec_endpoint.yml | 3 + .../templates.d/synthetics.yml | 67 ++++++------ .../templates.d/tcp.yml | 2 + .../templates.d/tomcat.yml | 3 + .../templates.d/traefik.yml | 2 + .../templates.d/udp.yml | 2 + .../templates.d/zeek.yml | 2 + .../templates.d/zookeeper.yml | 2 + 57 files changed, 510 insertions(+), 385 deletions(-) diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/activemq.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/activemq.yml index cbdaf66311f..95d9566cf31 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/activemq.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/activemq.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-activemq + id: filestream-activemq-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -45,6 +46,7 @@ inputs: - activemq-log data_stream.namespace: default - name: activemq/metrics-activemq + id: activemq/metrics-activemq-${kubernetes.hints.container_id} type: activemq/metrics use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/apache.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/apache.yml index 42ae66a4d2e..e1586d3c5ea 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/apache.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/apache.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-apache + id: filestream-apache-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -41,6 +42,7 @@ inputs: - apache-error data_stream.namespace: default - name: httpjson-apache + id: httpjson-apache-${kubernetes.hints.container_id} type: httpjson use_output: default streams: @@ -122,6 +124,7 @@ inputs: - apache-error data_stream.namespace: default - name: apache/metrics-apache + id: apache/metrics-apache-${kubernetes.hints.container_id} type: apache/metrics use_output: default streams: 
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/cassandra.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/cassandra.yml index aafef542628..1d6e88f57a6 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/cassandra.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/cassandra.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-cassandra + id: filestream-cassandra-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -27,6 +28,7 @@ inputs: - cassandra-systemlogs data_stream.namespace: default - name: jolokia/metrics-cassandra + id: jolokia/metrics-cassandra-${kubernetes.hints.container_id} type: jolokia/metrics use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/cef.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/cef.yml index 7cfc79e1ea9..659dd1ec979 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/cef.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/cef.yml @@ -1,20 +1,14 @@ inputs: - - name: filestream-cef - type: filestream + - name: udp-cef + id: udp-cef-${kubernetes.hints.container_id} + type: udp use_output: default streams: - condition: ${kubernetes.hints.cef.log.enabled} == true or ${kubernetes.hints.cef.enabled} == true data_stream: dataset: cef.log type: logs - exclude_files: - - .gz$ - parsers: - - container: - format: auto - stream: ${kubernetes.hints.cef.log.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log + host: localhost:9003 processors: - rename: fields: 
@@ -22,22 +16,20 @@ inputs: to: event.original - decode_cef: field: event.original - prospector: - scanner: - symlinks: true tags: - cef - forwarded data_stream.namespace: default - - name: udp-cef - type: udp + - name: tcp-cef + id: tcp-cef-${kubernetes.hints.container_id} + type: tcp use_output: default streams: - condition: ${kubernetes.hints.cef.log.enabled} == true or ${kubernetes.hints.cef.enabled} == true data_stream: dataset: cef.log type: logs - host: localhost:9003 + host: localhost:9004 processors: - rename: fields: @@ -49,15 +41,23 @@ inputs: - cef - forwarded data_stream.namespace: default - - name: tcp-cef - type: tcp + - name: filestream-cef + id: filestream-cef-${kubernetes.hints.container_id} + type: filestream use_output: default streams: - condition: ${kubernetes.hints.cef.log.enabled} == true or ${kubernetes.hints.cef.enabled} == true data_stream: dataset: cef.log type: logs - host: localhost:9004 + exclude_files: + - .gz$ + parsers: + - container: + format: auto + stream: ${kubernetes.hints.cef.log.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log processors: - rename: fields: @@ -65,6 +65,9 @@ inputs: to: event.original - decode_cef: field: event.original + prospector: + scanner: + symlinks: true tags: - cef - forwarded diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/checkpoint.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/checkpoint.yml index c46ce17f6b2..97bdf20b5a4 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/checkpoint.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/checkpoint.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-checkpoint + id: filestream-checkpoint-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -34,6 +35,7 @@ inputs: - forwarded data_stream.namespace: default - name: tcp-checkpoint + id: tcp-checkpoint-${kubernetes.hints.container_id} type: tcp use_output: default streams: 
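Review bot: The three cef inputs are only reordered here (filestream/udp/tcp becomes udp/tcp/filestream) with no functional change beyond the new `id` keys, so almost every changed line in this file is churn rather than the id addition the commit is about. The same whole-input reordering appears in crowdstrike.yml, infoblox_nios.yml, iptables.yml, kibana.yml, microsoft_sqlserver.yml and mysql.yml in this patch. It looks like the generator emits inputs in an unstable (map-iteration) order; sorting inputs by `name` before rendering would keep published templates stable and make future publishes reviewable as small diffs. If the order is intentional, a short comment in the generator explaining it would save the next reviewer from the same question.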
@@ -48,6 +50,7 @@ inputs: - forwarded data_stream.namespace: default - name: udp-checkpoint + id: udp-checkpoint-${kubernetes.hints.container_id} type: udp use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/cockroachdb.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/cockroachdb.yml index 2810a327a8e..c26e8512a12 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/cockroachdb.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/cockroachdb.yml @@ -1,5 +1,6 @@ inputs: - name: prometheus/metrics-cockroachdb + id: prometheus/metrics-cockroachdb-${kubernetes.hints.container_id} type: prometheus/metrics use_output: default streams: @@ -22,6 +23,7 @@ inputs: username: ${kubernetes.hints.cockroachdb.status.username|kubernetes.hints.cockroachdb.username|''} data_stream.namespace: default - name: filestream-cockroachdb + id: filestream-cockroachdb-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/crowdstrike.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/crowdstrike.yml index 05c1e754378..760582f2305 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/crowdstrike.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/crowdstrike.yml 
@@ -1,35 +1,6 @@ inputs: - - name: aws-s3-crowdstrike - type: aws-s3 - use_output: default - streams: - - condition: ${kubernetes.hints.crowdstrike.fdr.enabled} == true or ${kubernetes.hints.crowdstrike.enabled} == true - data_stream: - dataset: crowdstrike.fdr - type: logs - queue_url: null - sqs.notification_parsing_script.source: | - function parse(n) { - var m = JSON.parse(n); - var evts = []; - var files = m.files; - var bucket = m.bucket; - if (!Array.isArray(files) || (files.length == 0) || bucket == null || bucket == "") { - return evts; - } - files.forEach(function(f){ - var evt = new S3EventV2(); - evt.SetS3BucketName(bucket); - evt.SetS3ObjectKey(f.path); - evts.push(evt); - }); - return evts; - } - tags: - - forwarded - - crowdstrike-fdr - data_stream.namespace: default - name: filestream-crowdstrike + id: filestream-crowdstrike-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -77,3 +48,34 @@ inputs: - forwarded - crowdstrike-fdr data_stream.namespace: default + - name: aws-s3-crowdstrike + id: aws-s3-crowdstrike-${kubernetes.hints.container_id} + type: aws-s3 + use_output: default + streams: + - condition: ${kubernetes.hints.crowdstrike.fdr.enabled} == true or ${kubernetes.hints.crowdstrike.enabled} == true + data_stream: + dataset: crowdstrike.fdr + type: logs + queue_url: null + sqs.notification_parsing_script.source: | + function parse(n) { + var m = JSON.parse(n); + var evts = []; + var files = m.files; + var bucket = m.bucket; + if (!Array.isArray(files) || (files.length == 0) || bucket == null || bucket == "") { + return evts; + } + files.forEach(function(f){ + var evt = new S3EventV2(); + evt.SetS3BucketName(bucket); + evt.SetS3ObjectKey(f.path); + evts.push(evt); + }); + return evts; + } + tags: + - forwarded + - crowdstrike-fdr + data_stream.namespace: default 
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/cyberarkpas.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/cyberarkpas.yml index efd5f7211d7..80cdc1bb0fa 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/cyberarkpas.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/cyberarkpas.yml @@ -1,5 +1,6 @@ inputs: - name: tcp-cyberarkpas + id: tcp-cyberarkpas-${kubernetes.hints.container_id} type: tcp use_output: default streams: @@ -16,6 +17,7 @@ inputs: tcp: null data_stream.namespace: default - name: udp-cyberarkpas + id: udp-cyberarkpas-${kubernetes.hints.container_id} type: udp use_output: default streams: @@ -32,6 +34,7 @@ inputs: udp: null data_stream.namespace: default - name: filestream-cyberarkpas + id: filestream-cyberarkpas-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/elasticsearch.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/elasticsearch.yml index ed5aae8dcc6..a5d43104711 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/elasticsearch.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/elasticsearch.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-elasticsearch + id: filestream-elasticsearch-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -124,6 +125,7 @@ inputs: symlinks: true data_stream.namespace: default - name: elasticsearch/metrics-elasticsearch + id: elasticsearch/metrics-elasticsearch-${kubernetes.hints.container_id} type: elasticsearch/metrics use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/endpoint.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/endpoint.yml index 81e0684ae0c..ffd93d407fd 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/endpoint.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/endpoint.yml 
@@ -1,5 +1,6 @@ inputs: - name: filestream-endpoint + id: filestream-endpoint-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/fireeye.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/fireeye.yml index 44b8074cb5a..44bd23b95d6 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/fireeye.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/fireeye.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-fireeye + id: filestream-fireeye-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -24,6 +25,7 @@ inputs: - fireeye-nx data_stream.namespace: default - name: udp-fireeye + id: udp-fireeye-${kubernetes.hints.container_id} type: udp use_output: default streams: @@ -41,6 +43,7 @@ inputs: udp: null data_stream.namespace: default - name: tcp-fireeye + id: tcp-fireeye-${kubernetes.hints.container_id} type: tcp use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/haproxy.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/haproxy.yml index 265a6c17863..2a69222df44 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/haproxy.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/haproxy.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-haproxy + id: filestream-haproxy-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -24,6 +25,7 @@ inputs: - haproxy-log data_stream.namespace: default - name: syslog-haproxy + id: syslog-haproxy-${kubernetes.hints.container_id} type: syslog use_output: default streams: @@ -40,6 +42,7 @@ inputs: - haproxy-log data_stream.namespace: default - name: haproxy/metrics-haproxy + id: haproxy/metrics-haproxy-${kubernetes.hints.container_id} type: haproxy/metrics use_output: default streams: 
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/hashicorp_vault.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/hashicorp_vault.yml index 28bfd77da77..b98a748f878 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/hashicorp_vault.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/hashicorp_vault.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-hashicorp_vault + id: filestream-hashicorp_vault-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -39,6 +40,7 @@ inputs: - hashicorp-vault-log data_stream.namespace: default - name: tcp-hashicorp_vault + id: tcp-hashicorp_vault-${kubernetes.hints.container_id} type: tcp use_output: default streams: @@ -53,6 +55,7 @@ inputs: - forwarded data_stream.namespace: default - name: prometheus/metrics-hashicorp_vault + id: prometheus/metrics-hashicorp_vault-${kubernetes.hints.container_id} type: prometheus/metrics use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/hid_bravura_monitor.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/hid_bravura_monitor.yml index 28d8f782d69..92907934bce 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/hid_bravura_monitor.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/hid_bravura_monitor.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-hid_bravura_monitor + id: filestream-hid_bravura_monitor-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -30,6 +31,7 @@ inputs: tags: null data_stream.namespace: default - name: winlog-hid_bravura_monitor + id: winlog-hid_bravura_monitor-${kubernetes.hints.container_id} type: winlog use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/iis.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/iis.yml index 53b68610de2..8f35f1980e2 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/iis.yml 
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/iis.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-iis + id: filestream-iis-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -45,6 +46,7 @@ inputs: - iis-error data_stream.namespace: default - name: iis/metrics-iis + id: iis/metrics-iis-${kubernetes.hints.container_id} type: iis/metrics use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/infoblox_nios.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/infoblox_nios.yml index ae91786e742..413683e2d18 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/infoblox_nios.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/infoblox_nios.yml @@ -1,23 +1,37 @@ inputs: - - name: tcp-infoblox_nios - type: tcp + - name: filestream-infoblox_nios + id: filestream-infoblox_nios-${kubernetes.hints.container_id} + type: filestream use_output: default streams: - condition: ${kubernetes.hints.infoblox_nios.log.enabled} == true or ${kubernetes.hints.infoblox_nios.enabled} == true data_stream: dataset: infoblox_nios.log type: logs + exclude_files: + - .gz$ fields: _conf: tz_offset: local fields_under_root: true - host: localhost:9027 + parsers: + - container: + format: auto + stream: ${kubernetes.hints.infoblox_nios.log.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + processors: + - add_locale: null + prospector: + scanner: + symlinks: true tags: - forwarded - infoblox_nios-log data_stream.namespace: default - - name: udp-infoblox_nios - type: udp + - name: tcp-infoblox_nios + id: tcp-infoblox_nios-${kubernetes.hints.container_id} + type: tcp use_output: default streams: - condition: ${kubernetes.hints.infoblox_nios.log.enabled} == true or ${kubernetes.hints.infoblox_nios.enabled} == true 
@@ -28,36 +42,25 @@ inputs: _conf: tz_offset: local fields_under_root: true - host: localhost:9028 + host: localhost:9027 tags: - forwarded - infoblox_nios-log data_stream.namespace: default - - name: filestream-infoblox_nios - type: filestream + - name: udp-infoblox_nios + id: udp-infoblox_nios-${kubernetes.hints.container_id} + type: udp use_output: default streams: - condition: ${kubernetes.hints.infoblox_nios.log.enabled} == true or ${kubernetes.hints.infoblox_nios.enabled} == true data_stream: dataset: infoblox_nios.log type: logs - exclude_files: - - .gz$ fields: _conf: tz_offset: local fields_under_root: true - parsers: - - container: - format: auto - stream: ${kubernetes.hints.infoblox_nios.log.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - processors: - - add_locale: null - prospector: - scanner: - symlinks: true + host: localhost:9028 tags: - forwarded - infoblox_nios-log diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/iptables.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/iptables.yml index 662f0a4bf18..9ccbf653368 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/iptables.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/iptables.yml @@ -1,20 +1,6 @@ inputs: - - name: udp-iptables - type: udp - use_output: default - streams: - - condition: ${kubernetes.hints.iptables.log.enabled} == true or ${kubernetes.hints.iptables.enabled} == true - data_stream: - dataset: iptables.log - type: logs - host: localhost:9001 - processors: - - add_locale: null - tags: - - iptables-log - - forwarded - data_stream.namespace: default - name: filestream-iptables + id: filestream-iptables-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -40,6 +26,7 @@ inputs: - forwarded data_stream.namespace: default - name: journald-iptables + id: journald-iptables-${kubernetes.hints.container_id} type: journald use_output: default streams: 
@@ -54,3 +41,19 @@ inputs: tags: - iptables-log data_stream.namespace: default + - name: udp-iptables + id: udp-iptables-${kubernetes.hints.container_id} + type: udp + use_output: default + streams: + - condition: ${kubernetes.hints.iptables.log.enabled} == true or ${kubernetes.hints.iptables.enabled} == true + data_stream: + dataset: iptables.log + type: logs + host: localhost:9001 + processors: + - add_locale: null + tags: + - iptables-log + - forwarded + data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/kafka.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/kafka.yml index c403b902c23..a167b6e182f 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/kafka.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/kafka.yml @@ -1,5 +1,6 @@ inputs: - name: kafka/metrics-kafka + id: kafka/metrics-kafka-${kubernetes.hints.container_id} type: kafka/metrics use_output: default streams: @@ -36,6 +37,7 @@ inputs: username: ${kubernetes.hints.kafka.partition.username|kubernetes.hints.kafka.username|''} data_stream.namespace: default - name: filestream-kafka + id: filestream-kafka-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/keycloak.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/keycloak.yml index 794d014d41c..b9b37780589 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/keycloak.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/keycloak.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-keycloak + id: filestream-keycloak-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/kibana.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/kibana.yml index 5f33f274c14..499a6e9d659 100644 
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/kibana.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/kibana.yml @@ -1,5 +1,42 @@ inputs: + - name: filestream-kibana + id: filestream-kibana-${kubernetes.hints.container_id} + type: filestream + use_output: default + streams: + - condition: ${kubernetes.hints.kibana.audit.enabled} == true or ${kubernetes.hints.kibana.enabled} == true + data_stream: + dataset: kibana.audit + type: logs + exclude_files: + - .gz$ + parsers: + - container: + format: auto + stream: ${kubernetes.hints.kibana.audit.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + prospector: + scanner: + symlinks: true + - condition: ${kubernetes.hints.kibana.log.enabled} == true or ${kubernetes.hints.kibana.enabled} == true + data_stream: + dataset: kibana.log + type: logs + exclude_files: + - .gz$ + parsers: + - container: + format: auto + stream: ${kubernetes.hints.kibana.log.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + prospector: + scanner: + symlinks: true + data_stream.namespace: default - name: http/metrics-kibana + id: http/metrics-kibana-${kubernetes.hints.container_id} type: http/metrics use_output: default streams: @@ -26,6 +63,7 @@ inputs: username: ${kubernetes.hints.kibana.background_task_utilization.username|kubernetes.hints.kibana.username|''} data_stream.namespace: default - name: kibana/metrics-kibana + id: kibana/metrics-kibana-${kubernetes.hints.container_id} type: kibana/metrics use_output: default streams: 
@@ -96,38 +134,3 @@ inputs: period: ${kubernetes.hints.kibana.status.period|kubernetes.hints.kibana.period|'10s'} username: ${kubernetes.hints.kibana.status.username|kubernetes.hints.kibana.username|''} data_stream.namespace: default - - name: filestream-kibana - type: filestream - use_output: default - streams: - - condition: ${kubernetes.hints.kibana.audit.enabled} == true or ${kubernetes.hints.kibana.enabled} == true - data_stream: - dataset: kibana.audit - type: logs - exclude_files: - - .gz$ - parsers: - - container: - format: auto - stream: ${kubernetes.hints.kibana.audit.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - prospector: - scanner: - symlinks: true - - condition: ${kubernetes.hints.kibana.log.enabled} == true or ${kubernetes.hints.kibana.enabled} == true - data_stream: - dataset: kibana.log - type: logs - exclude_files: - - .gz$ - parsers: - - container: - format: auto - stream: ${kubernetes.hints.kibana.log.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - prospector: - scanner: - symlinks: true - data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/log.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/log.yml index 284ffe589ee..2c5f2136097 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/log.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/log.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-log + id: filestream-log-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/logstash.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/logstash.yml index fbe4bb2f0b6..89c3aed53ca 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/logstash.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/logstash.yml 
@@ -1,5 +1,6 @@ inputs: - name: logstash/metrics-logstash + id: logstash/metrics-logstash-${kubernetes.hints.container_id} type: logstash/metrics use_output: default streams: @@ -27,6 +28,7 @@ inputs: username: ${kubernetes.hints.logstash.node_stats.username|kubernetes.hints.logstash.username|''} data_stream.namespace: default - name: filestream-logstash + id: filestream-logstash-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/mattermost.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/mattermost.yml index 3f4144bd41e..61235d40965 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/mattermost.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/mattermost.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-mattermost + id: filestream-mattermost-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/microsoft_sqlserver.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/microsoft_sqlserver.yml index d3885086fc3..5c9eb7fddc2 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/microsoft_sqlserver.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/microsoft_sqlserver.yml @@ -1,5 +1,19 @@ inputs: + - name: winlog-microsoft_sqlserver + id: winlog-microsoft_sqlserver-${kubernetes.hints.container_id} + type: winlog + use_output: default + streams: + - condition: ${kubernetes.hints.microsoft_sqlserver.audit.enabled} == true or ${kubernetes.hints.microsoft_sqlserver.enabled} == true + data_stream: + dataset: microsoft_sqlserver.audit + type: logs + event_id: 33205 + ignore_older: 72h + name: Security + data_stream.namespace: default - name: filestream-microsoft_sqlserver + id: filestream-microsoft_sqlserver-${kubernetes.hints.container_id} type: filestream use_output: default streams: 
@@ -26,6 +40,7 @@ inputs: - mssql-logs data_stream.namespace: default - name: sql/metrics-microsoft_sqlserver + id: sql/metrics-microsoft_sqlserver-${kubernetes.hints.container_id} type: sql/metrics use_output: default streams: @@ -116,15 +131,3 @@ inputs: - query: USE [msdb] ; SELECT @@servername AS server_name, @@servicename AS instance_name, name As 'database_name', l.database_id, l.total_log_size_in_bytes As total_log_size_bytes, l.used_log_space_in_bytes As used_log_space_bytes, l.used_log_space_in_percent As used_log_space_pct, l.log_space_in_bytes_since_last_backup from sys.dm_db_log_space_usage l INNER JOIN sys.databases s ON l.database_id = s.database_id WHERE s.database_id = DB_ID('msdb') ; response_format: table data_stream.namespace: default - - name: winlog-microsoft_sqlserver - type: winlog - use_output: default - streams: - - condition: ${kubernetes.hints.microsoft_sqlserver.audit.enabled} == true or ${kubernetes.hints.microsoft_sqlserver.enabled} == true - data_stream: - dataset: microsoft_sqlserver.audit - type: logs - event_id: 33205 - ignore_older: 72h - name: Security - data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/mimecast.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/mimecast.yml index 58841855549..c7a82f2812c 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/mimecast.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/mimecast.yml @@ -1,5 +1,6 @@ inputs: - name: httpjson-mimecast + id: httpjson-mimecast-${kubernetes.hints.container_id} type: httpjson use_output: default streams: @@ -364,6 +365,7 @@ inputs: - mimecast-ttp-url data_stream.namespace: default - name: filestream-mimecast + id: filestream-mimecast-${kubernetes.hints.container_id} type: filestream use_output: default streams: 
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/modsecurity.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/modsecurity.yml index 511ebeb16d9..bfdfd059ebe 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/modsecurity.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/modsecurity.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-modsecurity + id: filestream-modsecurity-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/mongodb.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/mongodb.yml index 79ea7a4de93..6af480629d2 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/mongodb.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/mongodb.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-mongodb + id: filestream-mongodb-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -22,6 +23,7 @@ inputs: - mongodb-logs data_stream.namespace: default - name: mongodb/metrics-mongodb + id: mongodb/metrics-mongodb-${kubernetes.hints.container_id} type: mongodb/metrics use_output: default streams: @@ -51,7 +53,7 @@ inputs: password: ${kubernetes.hints.mongodb.dbstats.password|kubernetes.hints.mongodb.password|''} period: ${kubernetes.hints.mongodb.dbstats.period|kubernetes.hints.mongodb.period|'10s'} ssl.certificate: null - ssl.enabled: null + ssl.enabled: false ssl.key: null ssl.verification_mode: null username: ${kubernetes.hints.mongodb.dbstats.username|kubernetes.hints.mongodb.username|''} 
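Review bot: The mongodb `dbstats` stream changes `ssl.enabled: null` to `ssl.enabled: false` while the `metrics` stream in the next hunk (`@@ -66,7 +68,7 @@`) changes `false` back to `null`, so the two values appear to have swapped between streams rather than being deliberately changed. That pattern suggests the generator is not producing these defaults deterministically, and a TLS toggle on a credentialed database connection is not a setting that should drift from one automated publish to the next. Both streams should render the same value, e.g. `ssl.enabled: null` in each, with the intended default fixed in the generator so it cannot flip again.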
@@ -66,7 +68,7 @@ inputs: password: ${kubernetes.hints.mongodb.metrics.password|kubernetes.hints.mongodb.password|''} period: ${kubernetes.hints.mongodb.metrics.period|kubernetes.hints.mongodb.period|'10s'} ssl.certificate: null - ssl.enabled: false + ssl.enabled: null ssl.key: null ssl.verification_mode: null username: ${kubernetes.hints.mongodb.metrics.username|kubernetes.hints.mongodb.username|''} diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql.yml index aa8ad8e0a02..df50544f5d9 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql.yml 
@@ -1,5 +1,45 @@ inputs: + - name: mysql/metrics-mysql + id: mysql/metrics-mysql-${kubernetes.hints.container_id} + type: mysql/metrics + use_output: default + streams: + - condition: ${kubernetes.hints.mysql.galera_status.enabled} == true and ${kubernetes.hints.mysql.enabled} == true + data_stream: + dataset: mysql.galera_status + type: metrics + hosts: + - ${kubernetes.hints.mysql.galera_status.host|kubernetes.hints.mysql.host|'tcp(127.0.0.1:3306)/'} + metricsets: + - galera_status + password: ${kubernetes.hints.mysql.galera_status.password|kubernetes.hints.mysql.password|'test'} + period: ${kubernetes.hints.mysql.galera_status.period|kubernetes.hints.mysql.period|'10s'} + username: ${kubernetes.hints.mysql.galera_status.username|kubernetes.hints.mysql.username|'root'} + - condition: ${kubernetes.hints.mysql.performance.enabled} == true or ${kubernetes.hints.mysql.enabled} == true + data_stream: + dataset: mysql.performance + type: metrics + hosts: + - ${kubernetes.hints.mysql.performance.host|kubernetes.hints.mysql.host|'tcp(127.0.0.1:3306)/'} + metricsets: + - performance + password: ${kubernetes.hints.mysql.performance.password|kubernetes.hints.mysql.password|'test'} + period: ${kubernetes.hints.mysql.performance.period|kubernetes.hints.mysql.period|'10s'} + username: ${kubernetes.hints.mysql.performance.username|kubernetes.hints.mysql.username|'root'} + - condition: ${kubernetes.hints.mysql.status.enabled} == true or ${kubernetes.hints.mysql.enabled} == true + data_stream: + dataset: mysql.status + type: metrics + hosts: + - ${kubernetes.hints.mysql.status.host|kubernetes.hints.mysql.host|'tcp(127.0.0.1:3306)/'} + metricsets: + - status + password: ${kubernetes.hints.mysql.status.password|kubernetes.hints.mysql.password|'test'} + period: ${kubernetes.hints.mysql.status.period|kubernetes.hints.mysql.period|'10s'} + username: ${kubernetes.hints.mysql.status.username|kubernetes.hints.mysql.username|'root'} + data_stream.namespace: default - name: 
filestream-mysql + id: filestream-mysql-${kubernetes.hints.container_id} type: filestream use_output: default streams: 
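Review bot: The mysql/metrics input moved to the top of the file still falls back to `username: ...|'root'` and `password: ...|'test'` when no hint supplies credentials, so an annotated MySQL container without explicit hints gets a login attempt with a well-known default pair on every period. The other database templates in this patch (mongodb, rabbitmq, redis) fall back to `''` instead; aligning the three mysql streams with them, e.g. `password: ${kubernetes.hints.mysql.galera_status.password|kubernetes.hints.mysql.password|''}` and `username: ${kubernetes.hints.mysql.galera_status.username|kubernetes.hints.mysql.username|''}`, would make a missing hint fail visibly instead of silently probing with `root:test`. This is pre-existing content the commit only relocates, so the fix likely belongs in the generator's source package rather than in this generated file.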
@@ -47,41 +87,3 @@ inputs: scanner: symlinks: true data_stream.namespace: default - - name: mysql/metrics-mysql - type: mysql/metrics - use_output: default - streams: - - condition: ${kubernetes.hints.mysql.galera_status.enabled} == true and ${kubernetes.hints.mysql.enabled} == true - data_stream: - dataset: mysql.galera_status - type: metrics - hosts: - - ${kubernetes.hints.mysql.galera_status.host|kubernetes.hints.mysql.host|'tcp(127.0.0.1:3306)/'} - metricsets: - - galera_status - password: ${kubernetes.hints.mysql.galera_status.password|kubernetes.hints.mysql.password|'test'} - period: ${kubernetes.hints.mysql.galera_status.period|kubernetes.hints.mysql.period|'10s'} - username: ${kubernetes.hints.mysql.galera_status.username|kubernetes.hints.mysql.username|'root'} - - condition: ${kubernetes.hints.mysql.performance.enabled} == true or ${kubernetes.hints.mysql.enabled} == true - data_stream: - dataset: mysql.performance - type: metrics - hosts: - - ${kubernetes.hints.mysql.performance.host|kubernetes.hints.mysql.host|'tcp(127.0.0.1:3306)/'} - metricsets: - - performance - password: ${kubernetes.hints.mysql.performance.password|kubernetes.hints.mysql.password|'test'} - period: ${kubernetes.hints.mysql.performance.period|kubernetes.hints.mysql.period|'10s'} - username: ${kubernetes.hints.mysql.performance.username|kubernetes.hints.mysql.username|'root'} - - condition: ${kubernetes.hints.mysql.status.enabled} == true or ${kubernetes.hints.mysql.enabled} == true - data_stream: - dataset: mysql.status - type: metrics - hosts: - - ${kubernetes.hints.mysql.status.host|kubernetes.hints.mysql.host|'tcp(127.0.0.1:3306)/'} - metricsets: - - status - password: ${kubernetes.hints.mysql.status.password|kubernetes.hints.mysql.password|'test'} - period: ${kubernetes.hints.mysql.status.period|kubernetes.hints.mysql.period|'10s'} - username: ${kubernetes.hints.mysql.status.username|kubernetes.hints.mysql.username|'root'} - data_stream.namespace: default 
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql_enterprise.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql_enterprise.yml index d943bb661ff..e3aca3b5b7c 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql_enterprise.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/mysql_enterprise.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-mysql_enterprise + id: filestream-mysql_enterprise-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/nats.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/nats.yml index af4da4e87ec..4630a5b5e9e 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/nats.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/nats.yml @@ -1,27 +1,6 @@ inputs: - - name: filestream-nats - type: filestream - use_output: default - streams: - - condition: ${kubernetes.hints.nats.log.enabled} == true or ${kubernetes.hints.nats.enabled} == true - data_stream: - dataset: nats.log - type: logs - exclude_files: - - .gz$ - parsers: - - container: - format: auto - stream: ${kubernetes.hints.nats.log.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - prospector: - scanner: - symlinks: true - tags: - - nats-log - data_stream.namespace: default - name: nats/metrics-nats + id: nats/metrics-nats-${kubernetes.hints.container_id} type: nats/metrics use_output: default streams: 
@@ -80,3 +59,26 @@ inputs: - subscriptions period: ${kubernetes.hints.nats.subscriptions.period|kubernetes.hints.nats.period|'10s'} data_stream.namespace: default + - name: filestream-nats + id: filestream-nats-${kubernetes.hints.container_id} + type: filestream + use_output: default + streams: + - condition: ${kubernetes.hints.nats.log.enabled} == true or ${kubernetes.hints.nats.enabled} == true + data_stream: + dataset: nats.log + type: logs + exclude_files: + - .gz$ + parsers: + - container: + format: auto + stream: ${kubernetes.hints.nats.log.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + prospector: + scanner: + symlinks: true + tags: + - nats-log + data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/netflow.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/netflow.yml index bbb1f92261d..b43760795e5 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/netflow.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/netflow.yml @@ -1,5 +1,6 @@ inputs: - name: netflow-netflow + id: netflow-netflow-${kubernetes.hints.container_id} type: netflow use_output: default streams: @@ -26,6 +27,7 @@ inputs: timeout: ${kubernetes.hints.netflow.log.timeout|kubernetes.hints.netflow.timeout|'} data_stream.namespace: default - name: filestream-netflow + id: filestream-netflow-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx.yml index 098fecf78af..4e5879469a4 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx.yml 
@@ -1,54 +1,6 @@ inputs: - - name: filestream-nginx - type: filestream - use_output: default - streams: - - condition: ${kubernetes.hints.nginx.access.enabled} == true or ${kubernetes.hints.nginx.enabled} == true - data_stream: - dataset: nginx.access - type: logs - exclude_files: - - .gz$ - ignore_older: 72h - parsers: - - container: - format: auto - stream: ${kubernetes.hints.nginx.access.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - processors: - - add_locale: null - prospector: - scanner: - symlinks: true - tags: - - nginx-access - - condition: ${kubernetes.hints.nginx.error.enabled} == true or ${kubernetes.hints.nginx.enabled} == true - data_stream: - dataset: nginx.error - type: logs - exclude_files: - - .gz$ - ignore_older: 72h - multiline: - match: after - negate: true - pattern: '^\d{4}\/\d{2}\/\d{2} ' - parsers: - - container: - format: auto - stream: ${kubernetes.hints.nginx.error.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - processors: - - add_locale: null - prospector: - scanner: - symlinks: true - tags: - - nginx-error - data_stream.namespace: default - name: httpjson-nginx + id: httpjson-nginx-${kubernetes.hints.container_id} type: httpjson use_output: default streams: @@ -130,6 +82,7 @@ inputs: - nginx-error data_stream.namespace: default - name: nginx/metrics-nginx + id: nginx/metrics-nginx-${kubernetes.hints.container_id} type: nginx/metrics use_output: default streams: 
@@ -144,3 +97,53 @@ inputs: period: ${kubernetes.hints.nginx.stubstatus.period|kubernetes.hints.nginx.period|'10s'} server_status_path: /nginx_status data_stream.namespace: default + - name: filestream-nginx + id: filestream-nginx-${kubernetes.hints.container_id} + type: filestream + use_output: default + streams: + - condition: ${kubernetes.hints.nginx.access.enabled} == true or ${kubernetes.hints.nginx.enabled} == true + data_stream: + dataset: nginx.access + type: logs + exclude_files: + - .gz$ + ignore_older: 72h + parsers: + - container: + format: auto + stream: ${kubernetes.hints.nginx.access.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + processors: + - add_locale: null + prospector: + scanner: + symlinks: true + tags: + - nginx-access + - condition: ${kubernetes.hints.nginx.error.enabled} == true or ${kubernetes.hints.nginx.enabled} == true + data_stream: + dataset: nginx.error + type: logs + exclude_files: + - .gz$ + ignore_older: 72h + multiline: + match: after + negate: true + pattern: '^\d{4}\/\d{2}\/\d{2} ' + parsers: + - container: + format: auto + stream: ${kubernetes.hints.nginx.error.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + processors: + - add_locale: null + prospector: + scanner: + symlinks: true + tags: + - nginx-error + data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx_ingress_controller.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx_ingress_controller.yml index 0ceeffddedd..f3f3941190c 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx_ingress_controller.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/nginx_ingress_controller.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-nginx_ingress_controller + id: filestream-nginx_ingress_controller-${kubernetes.hints.container_id} type: filestream use_output: default streams: 
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/oracle.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/oracle.yml index c6a5cb725a3..29e0c8f1699 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/oracle.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/oracle.yml @@ -1,31 +1,6 @@ inputs: - - name: filestream-oracle - type: filestream - use_output: default - streams: - - condition: ${kubernetes.hints.oracle.database_audit.enabled} == true or ${kubernetes.hints.oracle.enabled} == true - data_stream: - dataset: oracle.database_audit - type: logs - exclude_files: - - .gz$ - exclude_lines: - - ^Audit file - parsers: - - multiline: - match: after - negate: true - pattern: ^[A-Za-z]{3}\s+[A-Za-z]{3}\s+[0-9]{1,2}\s[0-9]{2}:[0-9]{2}:[0-9]{2}\s[0-9]{4}\s\S[0-9]{2}:[0-9]{2} - timeout: 10 - type: pattern - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - processors: - - add_locale: null - tags: - - oracle-database_audit - data_stream.namespace: default - name: sql/metrics-oracle + id: sql/metrics-oracle-${kubernetes.hints.container_id} type: sql/metrics use_output: default streams: 
@@ -117,3 +92,30 @@ inputs: - query: WITH data_files AS (SELECT file_name, file_id, tablespace_name, bytes, status, maxbytes, user_bytes, online_status FROM sys.dba_data_files UNION SELECT file_name, file_id, tablespace_name, bytes, status, maxbytes, user_bytes, status AS ONLINE_STATUS FROM sys.dba_temp_files), spaces AS (SELECT b.tablespace_name TB_NAME, tbs_size TB_SIZE_USED, a.free_space TB_SIZE_FREE FROM (SELECT tablespace_name, SUM(bytes) AS free_space FROM dba_free_space GROUP BY tablespace_name) a, (SELECT tablespace_name, SUM(bytes) AS tbs_size FROM dba_data_files GROUP BY tablespace_name) b WHERE a.tablespace_name(+) = b.tablespace_name AND a.tablespace_name != 'TEMP'), temp_spaces AS (SELECT tablespace_name, tablespace_size, allocated_space, free_space FROM dba_temp_free_space WHERE tablespace_name = 'TEMP'), details AS (SELECT df.file_name, df.file_id, df.tablespace_name, df.bytes, df.status, df.maxbytes, df.user_bytes, df.online_status, sp.tb_size_used, sp.tb_size_free FROM data_files df, spaces sp WHERE df.tablespace_name = sp.tb_name UNION SELECT df.file_name, df.file_id, df.tablespace_name, df.bytes, df.status, df.maxbytes, df.user_bytes, df.online_status, tsp.tablespace_size - tsp.free_space AS TB_SIZE_USED, tsp.free_space AS TB_SIZE_FREE FROM data_files df, temp_spaces tsp WHERE df.tablespace_name = tsp.tablespace_name) SELECT file_name, file_id, tablespace_name, bytes, status, maxbytes, user_bytes, online_status, tb_size_used, tb_size_free, SUM(bytes) over() AS TOTAL_BYTES FROM details response_format: table data_stream.namespace: default + - name: filestream-oracle + id: filestream-oracle-${kubernetes.hints.container_id} + type: filestream + use_output: default + streams: + - condition: ${kubernetes.hints.oracle.database_audit.enabled} == true or ${kubernetes.hints.oracle.enabled} == true + data_stream: + dataset: oracle.database_audit + type: logs + exclude_files: + - .gz$ + exclude_lines: + - ^Audit file + parsers: + - multiline: + match: after 
+ negate: true + pattern: ^[A-Za-z]{3}\s+[A-Za-z]{3}\s+[0-9]{1,2}\s[0-9]{2}:[0-9]{2}:[0-9]{2}\s[0-9]{4}\s\S[0-9]{2}:[0-9]{2} + timeout: 10 + type: pattern + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + processors: + - add_locale: null + tags: + - oracle-database_audit + data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/panw.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/panw.yml index ad50f49f29c..7aeb20e1ccc 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/panw.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/panw.yml @@ -1,5 +1,6 @@ inputs: - name: tcp-panw + id: tcp-panw-${kubernetes.hints.container_id} type: tcp use_output: default streams: @@ -31,6 +32,7 @@ inputs: - forwarded data_stream.namespace: default - name: udp-panw + id: udp-panw-${kubernetes.hints.container_id} type: udp use_output: default streams: @@ -61,6 +63,7 @@ inputs: - forwarded data_stream.namespace: default - name: filestream-panw + id: filestream-panw-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/panw_cortex_xdr.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/panw_cortex_xdr.yml index bbd2aebfa4b..b5aa8858c7e 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/panw_cortex_xdr.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/panw_cortex_xdr.yml @@ -1,5 +1,6 @@ inputs: - name: httpjson-panw_cortex_xdr + id: httpjson-panw_cortex_xdr-${kubernetes.hints.container_id} type: httpjson use_output: default streams: @@ -68,6 +69,7 @@ inputs: - panw_cortex_xdr data_stream.namespace: default - name: filestream-panw_cortex_xdr + id: filestream-panw_cortex_xdr-${kubernetes.hints.container_id} type: filestream use_output: default streams: 
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/pfsense.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/pfsense.yml index 814bd0dc2ce..f21316d7581 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/pfsense.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/pfsense.yml @@ -1,24 +1,6 @@ inputs: - - name: tcp-pfsense - type: tcp - use_output: default - streams: - - condition: ${kubernetes.hints.pfsense.log.enabled} == true and ${kubernetes.hints.pfsense.enabled} == true - data_stream: - dataset: pfsense.log - type: logs - host: localhost:9001 - processors: - - add_locale: null - - add_fields: - fields: - tz_offset: local - target: _tmp - tags: - - pfsense - - forwarded - data_stream.namespace: default - name: filestream-pfsense + id: filestream-pfsense-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -40,6 +22,7 @@ inputs: tags: [] data_stream.namespace: default - name: udp-pfsense + id: udp-pfsense-${kubernetes.hints.container_id} type: udp use_output: default streams: @@ -60,3 +43,23 @@ inputs: - pfsense - forwarded data_stream.namespace: default + - name: tcp-pfsense + id: tcp-pfsense-${kubernetes.hints.container_id} + type: tcp + use_output: default + streams: + - condition: ${kubernetes.hints.pfsense.log.enabled} == true and ${kubernetes.hints.pfsense.enabled} == true + data_stream: + dataset: pfsense.log + type: logs + host: localhost:9001 + processors: + - add_locale: null + - add_fields: + fields: + tz_offset: local + target: _tmp + tags: + - pfsense + - forwarded + data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/postgresql.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/postgresql.yml index c6ba715606c..18c9cf3ed4b 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/postgresql.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/postgresql.yml 
@@ -1,5 +1,6 @@ inputs: - name: filestream-postgresql + id: filestream-postgresql-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -26,6 +27,7 @@ inputs: - postgresql-log data_stream.namespace: default - name: postgresql/metrics-postgresql + id: postgresql/metrics-postgresql-${kubernetes.hints.container_id} type: postgresql/metrics use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/prometheus.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/prometheus.yml index 0d1783f7741..e5b613a4804 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/prometheus.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/prometheus.yml @@ -1,5 +1,6 @@ inputs: - name: prometheus/metrics-prometheus + id: prometheus/metrics-prometheus-${kubernetes.hints.container_id} type: prometheus/metrics use_output: default streams: @@ -58,14 +59,15 @@ inputs: - remote_write port: 9201 rate_counters: true - ssl.certificate: null + ssl.certificate: /etc/pki/server/cert.pem ssl.enabled: null - ssl.key: /etc/pki/server/cert.key + ssl.key: null types_patterns.exclude: null types_patterns.include: null use_types: true data_stream.namespace: default - name: filestream-prometheus + id: filestream-prometheus-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/qnap_nas.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/qnap_nas.yml index 3d517763b74..792f25ecc22 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/qnap_nas.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/qnap_nas.yml @@ -1,5 +1,6 @@ inputs: - name: tcp-qnap_nas + id: tcp-qnap_nas-${kubernetes.hints.container_id} type: tcp use_output: default streams: 
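Review bot: The prometheus remote_write stream now sets `ssl.certificate: /etc/pki/server/cert.pem` with `ssl.key: null`, where the previous template had the key and no certificate; either way only half of the server key pair is configured, which cannot produce a working TLS listener on port 9201 if `ssl.enabled` is ever turned on. The two values should travel as a pair (`ssl.certificate: /etc/pki/server/cert.pem` together with `ssl.key: /etc/pki/server/cert.key`) or both stay `null` so the operator supplies them together. Swapping between the two halves across publications suggests the generator may be selecting one example value non-deterministically, which is worth fixing at the source. The stream mapping begins outside the hunk.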
@@ -19,6 +20,7 @@ inputs: - forwarded data_stream.namespace: default - name: udp-qnap_nas + id: udp-qnap_nas-${kubernetes.hints.container_id} type: udp use_output: default streams: @@ -38,6 +40,7 @@ inputs: - forwarded data_stream.namespace: default - name: filestream-qnap_nas + id: filestream-qnap_nas-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/rabbitmq.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/rabbitmq.yml index 7117fd1d369..698bb87070c 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/rabbitmq.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/rabbitmq.yml @@ -1,5 +1,35 @@ inputs: + - name: filestream-rabbitmq + id: filestream-rabbitmq-${kubernetes.hints.container_id} + type: filestream + use_output: default + streams: + - condition: ${kubernetes.hints.rabbitmq.log.enabled} == true or ${kubernetes.hints.rabbitmq.enabled} == true + data_stream: + dataset: rabbitmq.log + type: logs + exclude_files: + - .gz$ + multiline: + match: after + negate: true + pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2}' + parsers: + - container: + format: auto + stream: ${kubernetes.hints.rabbitmq.log.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + processors: + - add_locale: null + prospector: + scanner: + symlinks: true + tags: + - forwarded + data_stream.namespace: default - name: rabbitmq/metrics-rabbitmq + id: rabbitmq/metrics-rabbitmq-${kubernetes.hints.container_id} type: rabbitmq/metrics use_output: default streams: 
@@ -49,31 +79,3 @@ inputs: period: ${kubernetes.hints.rabbitmq.queue.period|kubernetes.hints.rabbitmq.period|'10s'} username: ${kubernetes.hints.rabbitmq.queue.username|kubernetes.hints.rabbitmq.username|''} data_stream.namespace: default - - name: filestream-rabbitmq - type: filestream - use_output: default - streams: - - condition: ${kubernetes.hints.rabbitmq.log.enabled} == true or ${kubernetes.hints.rabbitmq.enabled} == true - data_stream: - dataset: rabbitmq.log - type: logs - exclude_files: - - .gz$ - multiline: - match: after - negate: true - pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2}' - parsers: - - container: - format: auto - stream: ${kubernetes.hints.rabbitmq.log.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - processors: - - add_locale: null - prospector: - scanner: - symlinks: true - tags: - - forwarded - data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/redis.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/redis.yml index 00e548b50f5..eefb7e7a008 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/redis.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/redis.yml 
@@ -1,5 +1,44 @@ inputs: + - name: filestream-redis + id: filestream-redis-${kubernetes.hints.container_id} + type: filestream + use_output: default + streams: + - condition: ${kubernetes.hints.redis.log.enabled} == true or ${kubernetes.hints.redis.enabled} == true + data_stream: + dataset: redis.log + type: logs + exclude_files: + - .gz$ + exclude_lines: + - ^\s+[\-`('.|_] + parsers: + - container: + format: auto + stream: ${kubernetes.hints.redis.log.stream|'all'} + paths: + - /var/log/containers/*${kubernetes.hints.container_id}.log + prospector: + scanner: + symlinks: true + tags: + - redis-log + data_stream.namespace: default + - name: redis-redis + id: redis-redis-${kubernetes.hints.container_id} + type: redis + use_output: default + streams: + - condition: ${kubernetes.hints.redis.slowlog.enabled} == true or ${kubernetes.hints.redis.enabled} == true + data_stream: + dataset: redis.slowlog + type: logs + hosts: + - ${kubernetes.hints.redis.slowlog.host|kubernetes.hints.redis.host|'127.0.0.1:6379'} + password: ${kubernetes.hints.redis.slowlog.password|kubernetes.hints.redis.password|''} + data_stream.namespace: default - name: redis/metrics-redis + id: redis/metrics-redis-${kubernetes.hints.container_id} type: redis/metrics use_output: default streams: 
@@ -46,39 +85,3 @@ inputs: password: ${kubernetes.hints.redis.keyspace.password|kubernetes.hints.redis.password|''} period: ${kubernetes.hints.redis.keyspace.period|kubernetes.hints.redis.period|'10s'} data_stream.namespace: default - - name: filestream-redis - type: filestream - use_output: default - streams: - - condition: ${kubernetes.hints.redis.log.enabled} == true or ${kubernetes.hints.redis.enabled} == true - data_stream: - dataset: redis.log - type: logs - exclude_files: - - .gz$ - exclude_lines: - - ^\s+[\-`('.|_] - parsers: - - container: - format: auto - stream: ${kubernetes.hints.redis.log.stream|'all'} - paths: - - /var/log/containers/*${kubernetes.hints.container_id}.log - prospector: - scanner: - symlinks: true - tags: - - redis-log - data_stream.namespace: default - - name: redis-redis - type: redis - use_output: default - streams: - - condition: ${kubernetes.hints.redis.slowlog.enabled} == true or ${kubernetes.hints.redis.enabled} == true - data_stream: - dataset: redis.slowlog - type: logs - hosts: - - ${kubernetes.hints.redis.slowlog.host|kubernetes.hints.redis.host|'127.0.0.1:6379'} - password: ${kubernetes.hints.redis.slowlog.password|kubernetes.hints.redis.password|''} - data_stream.namespace: default diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/santa.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/santa.yml index d60bfeb744a..3797fadc554 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/santa.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/santa.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-santa + id: filestream-santa-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/security_detection_engine.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/security_detection_engine.yml index aee90809a9f..73688205194 100644 
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/security_detection_engine.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/security_detection_engine.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-security_detection_engine + id: filestream-security_detection_engine-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/sentinel_one.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/sentinel_one.yml index f633448c651..8557717a5db 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/sentinel_one.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/sentinel_one.yml @@ -1,5 +1,6 @@ inputs: - name: httpjson-sentinel_one + id: httpjson-sentinel_one-${kubernetes.hints.container_id} type: httpjson use_output: default streams: @@ -195,6 +196,7 @@ inputs: - sentinel_one-threat data_stream.namespace: default - name: filestream-sentinel_one + id: filestream-sentinel_one-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/snort.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/snort.yml index 80ed6df384a..36254df2c53 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/snort.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/snort.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-snort + id: filestream-snort-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -31,6 +32,7 @@ inputs: - snort.log data_stream.namespace: default - name: udp-snort + id: udp-snort-${kubernetes.hints.container_id} type: udp use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/snyk.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/snyk.yml index 4f857c2233c..990c39b9f14 100644 
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/snyk.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/snyk.yml @@ -1,5 +1,6 @@ inputs: - name: httpjson-snyk + id: httpjson-snyk-${kubernetes.hints.container_id} type: httpjson use_output: default streams: @@ -117,6 +118,7 @@ inputs: - snyk-vulnerabilities data_stream.namespace: default - name: filestream-snyk + id: filestream-snyk-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/stan.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/stan.yml index ea77d57ed81..9d94ff431d4 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/stan.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/stan.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-stan + id: filestream-stan-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -23,6 +24,7 @@ inputs: - stan-log data_stream.namespace: default - name: stan/metrics-stan + id: stan/metrics-stan-${kubernetes.hints.container_id} type: stan/metrics use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/suricata.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/suricata.yml index 374d369783e..cbb037a11d1 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/suricata.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/suricata.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-suricata + id: filestream-suricata-${kubernetes.hints.container_id} type: filestream use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/symantec_endpoint.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/symantec_endpoint.yml index 006729bc60f..17f23d019e6 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/symantec_endpoint.yml 
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/symantec_endpoint.yml @@ -1,5 +1,6 @@ inputs: - name: filestream-symantec_endpoint + id: filestream-symantec_endpoint-${kubernetes.hints.container_id} type: filestream use_output: default streams: @@ -28,6 +29,7 @@ inputs: - forwarded data_stream.namespace: default - name: tcp-symantec_endpoint + id: tcp-symantec_endpoint-${kubernetes.hints.container_id} type: tcp use_output: default streams: @@ -47,6 +49,7 @@ inputs: - forwarded data_stream.namespace: default - name: udp-symantec_endpoint + id: udp-symantec_endpoint-${kubernetes.hints.container_id} type: udp use_output: default streams: diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/synthetics.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/synthetics.yml index 78bbf49a5c6..96a643f41ea 100644 --- a/deploy/kubernetes/elastic-agent-standalone/templates.d/synthetics.yml +++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/synthetics.yml 
@@ -1,36 +1,6 @@ inputs: - - name: synthetics/http-synthetics - type: synthetics/http - use_output: default - streams: - - __ui: null - check.request.method: null - condition: ${kubernetes.hints.synthetics.http.enabled} == true and ${kubernetes.hints.synthetics.enabled} == true - data_stream: - dataset: http - type: synthetics - enabled: true - ipv4: true - ipv6: true - max_redirects: null - name: null - password: ${kubernetes.hints.synthetics.http.password|kubernetes.hints.synthetics.password|''} - processors: - - add_fields: - fields: - monitor.fleet_managed: true - target: "" - response.include_body: null - response.include_headers: null - run_from.geo.name: Fleet managed - run_from.id: fleet_managed - schedule: '@every 3m' - timeout: ${kubernetes.hints.synthetics.http.timeout|kubernetes.hints.synthetics.timeout|''} - type: http - urls: null - username: ${kubernetes.hints.synthetics.http.username|kubernetes.hints.synthetics.username|''} - data_stream.namespace: default - name: synthetics/tcp-synthetics + id: synthetics/tcp-synthetics-${kubernetes.hints.container_id} type: synthetics/tcp use_output: default streams: @@ -57,6 +27,7 @@ inputs: type: tcp data_stream.namespace: default - name: synthetics/icmp-synthetics + id: synthetics/icmp-synthetics-${kubernetes.hints.container_id} type: synthetics/icmp use_output: default streams: @@ -83,6 +54,7 @@ inputs: wait: 1s data_stream.namespace: default - name: synthetics/browser-synthetics + id: synthetics/browser-synthetics-${kubernetes.hints.container_id} type: synthetics/browser use_output: default streams: @@ -124,6 +96,7 @@ inputs: target: "" data_stream.namespace: default - name: filestream-synthetics + id: filestream-synthetics-${kubernetes.hints.container_id} type: filestream use_output: default streams: 
@@ -144,3 +117,35 @@ inputs:
 symlinks: true
 tags: []
 data_stream.namespace: default
+ - name: synthetics/http-synthetics
+ id: synthetics/http-synthetics-${kubernetes.hints.container_id}
+ type: synthetics/http
+ use_output: default
+ streams:
+ - __ui: null
+ check.request.method: null
+ condition: ${kubernetes.hints.synthetics.http.enabled} == true and ${kubernetes.hints.synthetics.enabled} == true
+ data_stream:
+ dataset: http
+ type: synthetics
+ enabled: true
+ ipv4: true
+ ipv6: true
+ max_redirects: null
+ name: null
+ password: ${kubernetes.hints.synthetics.http.password|kubernetes.hints.synthetics.password|''}
+ processors:
+ - add_fields:
+ fields:
+ monitor.fleet_managed: true
+ target: ""
+ response.include_body: null
+ response.include_headers: null
+ run_from.geo.name: Fleet managed
+ run_from.id: fleet_managed
+ schedule: '@every 3m'
+ timeout: ${kubernetes.hints.synthetics.http.timeout|kubernetes.hints.synthetics.timeout|''}
+ type: http
+ urls: null
+ username: ${kubernetes.hints.synthetics.http.username|kubernetes.hints.synthetics.username|''}
+ data_stream.namespace: default
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/tcp.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/tcp.yml
index 678e905e473..80f4f2062c3 100644
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/tcp.yml
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/tcp.yml
@@ -1,5 +1,6 @@
 inputs:
 - name: tcp-tcp
+ id: tcp-tcp-${kubernetes.hints.container_id}
 type: tcp
 use_output: default
 streams:
@@ -11,6 +12,7 @@ inputs:
 timeout: ${kubernetes.hints.tcp.generic.timeout|kubernetes.hints.tcp.timeout|''}
 data_stream.namespace: default
 - name: filestream-tcp
+ id: filestream-tcp-${kubernetes.hints.container_id}
 type: filestream
 use_output: default
 streams:
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/tomcat.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/tomcat.yml
index e31b69fcbf1..e88d1490bc4 100644
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/tomcat.yml
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/tomcat.yml
@@ -1,5 +1,6 @@
 inputs:
 - name: filestream-tomcat
+ id: filestream-tomcat-${kubernetes.hints.container_id}
 type: filestream
 use_output: default
 streams:
@@ -2771,6 +2772,7 @@ inputs:
 - forwarded
 data_stream.namespace: default
 - name: udp-tomcat
+ id: udp-tomcat-${kubernetes.hints.container_id}
 type: udp
 use_output: default
 streams:
@@ -5533,6 +5535,7 @@ inputs:
 udp: null
 data_stream.namespace: default
 - name: tcp-tomcat
+ id: tcp-tomcat-${kubernetes.hints.container_id}
 type: tcp
 use_output: default
 streams:
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/traefik.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/traefik.yml
index 15b7ffbbba9..dbd3b642d42 100644
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/traefik.yml
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/traefik.yml
@@ -1,5 +1,6 @@
 inputs:
 - name: filestream-traefik
+ id: filestream-traefik-${kubernetes.hints.container_id}
 type: filestream
 use_output: default
 streams:
@@ -22,6 +23,7 @@ inputs:
 - forwarded
 data_stream.namespace: default
 - name: traefik/metrics-traefik
+ id: traefik/metrics-traefik-${kubernetes.hints.container_id}
 type: traefik/metrics
 use_output: default
 streams:
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/udp.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/udp.yml
index 48e547ede3b..bc21b484f27 100644
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/udp.yml
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/udp.yml
@@ -1,5 +1,6 @@
 inputs:
 - name: udp-udp
+ id: udp-udp-${kubernetes.hints.container_id}
 type: udp
 use_output: default
 streams:
@@ -12,6 +13,7 @@ inputs:
 timeout: ${kubernetes.hints.udp.generic.timeout|kubernetes.hints.udp.timeout|''}
 data_stream.namespace: default
 - name: filestream-udp
+ id: filestream-udp-${kubernetes.hints.container_id}
 type: filestream
 use_output: default
 streams:
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/zeek.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/zeek.yml
index 0bd6c14afb4..871e2ade541 100644
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/zeek.yml
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/zeek.yml
@@ -1,5 +1,6 @@
 inputs:
 - name: filestream-zeek
+ id: filestream-zeek-${kubernetes.hints.container_id}
 type: filestream
 use_output: default
 streams:
@@ -862,6 +863,7 @@ inputs:
 - zeek-x509
 data_stream.namespace: default
 - name: httpjson-zeek
+ id: httpjson-zeek-${kubernetes.hints.container_id}
 type: httpjson
 use_output: default
 streams:
diff --git a/deploy/kubernetes/elastic-agent-standalone/templates.d/zookeeper.yml b/deploy/kubernetes/elastic-agent-standalone/templates.d/zookeeper.yml
index 411d454e031..fa7f8e54e7a 100644
--- a/deploy/kubernetes/elastic-agent-standalone/templates.d/zookeeper.yml
+++ b/deploy/kubernetes/elastic-agent-standalone/templates.d/zookeeper.yml
@@ -1,5 +1,6 @@
 inputs:
 - name: zookeeper/metrics-zookeeper
+ id: zookeeper/metrics-zookeeper-${kubernetes.hints.container_id}
 type: zookeeper/metrics
 use_output: default
 streams:
@@ -32,6 +33,7 @@ inputs:
 period: ${kubernetes.hints.zookeeper.server.period|kubernetes.hints.zookeeper.period|'10s'}
 data_stream.namespace: default
 - name: filestream-zookeeper
+ id: filestream-zookeeper-${kubernetes.hints.container_id}
 type: filestream
 use_output: default
 streams: