diff --git a/packages/cassandra/_dev/build/build.yml b/packages/cassandra/_dev/build/build.yml index aaafc5d833b6..2bfcfc223b04 100644 --- a/packages/cassandra/_dev/build/build.yml +++ b/packages/cassandra/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: "git@v8.11.0" diff --git a/packages/cassandra/_dev/build/docs/README.md b/packages/cassandra/_dev/build/docs/README.md index a0d9e9a1264f..2133b03f80b7 100644 --- a/packages/cassandra/_dev/build/docs/README.md +++ b/packages/cassandra/_dev/build/docs/README.md @@ -79,6 +79,10 @@ Cassandra system logs from cassandra.log files. {{event "log"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "log"}} ## Metrics @@ -87,4 +91,8 @@ Cassandra metrics using jolokia agent installed on cassandra. {{event "metrics"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "metrics"}} diff --git a/packages/cassandra/changelog.yml b/packages/cassandra/changelog.yml index 24133cab15cd..feef1fcc3682 100644 --- a/packages/cassandra/changelog.yml +++ b/packages/cassandra/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.14.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "1.13.0" changes: - description: Add global filter on data_stream.dataset to improve performance. 
diff --git a/packages/cassandra/data_stream/log/_dev/test/pipeline/test-cassandra.log-expected.json b/packages/cassandra/data_stream/log/_dev/test/pipeline/test-cassandra.log-expected.json index 52e9860ef343..7e78021035bb 100644 --- a/packages/cassandra/data_stream/log/_dev/test/pipeline/test-cassandra.log-expected.json +++ b/packages/cassandra/data_stream/log/_dev/test/pipeline/test-cassandra.log-expected.json @@ -3,17 +3,19 @@ { "@timestamp": "2021-07-21T12:18:15.910Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ "database" ], - "ingested": "2023-10-11T21:02:06.332290589Z", + "ingested": "2024-06-17T12:09:55.250489457Z", "kind": "event", "module": "cassandra", "original": "INFO [main] 2021-07-21 12:18:15,910 YamlConfigurationLoader.java:92 - Configuration location: file:/C:/Users/kush.rana/Desktop/Projects/elasticconnectors/apache-cassandra-3.11.10/conf/cassandra.yaml", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "INFO", 
@@ -42,17 +44,19 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ "database" ], - "ingested": "2023-10-11T21:02:06.332297964Z", + "ingested": "2024-06-17T12:09:55.250550934Z", "kind": "event", "module": "cassandra", "original": "INFO [nioEventLoopGroup-2-1] 2021-07-21 12:23:32,856 Message.java:826 - Unexpected exception during request; channel = [id: 0xa6112238, L:/127.0.0.1:9042 - R:/127.0.0.1:60106]\njava.io.IOException: An existing connection was forcibly closed by the remote host\n\tat sun.nio.ch.SocketDispatcher.read0(Native Method) ~[na:1.8.0_291]\n\tat sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43) ~[na:1.8.0_291]\n\tat sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[na:1.8.0_291]\n\tat sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[na:1.8.0_291]\n\tat sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:378) ~[na:1.8.0_291]\n\tat io.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:221) ~[netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:899) ~[netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:276) ~[netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) ~[netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:643) [netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:566) [netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:480) [netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:442) [netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat 
io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131) [netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:144) [netty-all-4.0.44.Final.jar:4.0.44.Final]\n\tat java.lang.Thread.run(Thread.java:748) [na:1.8.0_291]", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "INFO", 
@@ -81,17 +85,19 @@ } }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ "database" ], - "ingested": "2023-10-11T21:02:06.332299172Z", + "ingested": "2024-06-17T12:09:55.250555078Z", "kind": "event", "module": "cassandra", "original": "INFO [main] 2021-07-22 15:16:10,134 StorageService.java:681 - Token metadata: Normal Tokens:\nlocalhost/127.0.0.1:[-9213409579976581007, -9208536521948527928, -9138148778360337250, -9127679418115980016, -8976989747173636951, -8928929930114662189, -8850922876008716693, -8742572573666294013, -8682790054622712291, -8602448569428641857, -8427444260690062087, -8322248594442534434, -8320001287302042084, -8254990830747485697, -8249957862499495790, -8189195602746080394, -8129887952616066480, -8056374640546524116, -8038761382995613210, -8037170110133462140, -7992011367541245422, -7880071995925335357, -7749009042440224717, -7617052974926155684, -7579992376331554614, -7547752740136860669, -7483309149196458963, -7403928085586378365, -7295126747625344073, -7285427200042709300, -7208686794243768519, -7117693125722831897, -6883722024573005241, -6720612224987504455, -6717012773506031630, -6634852508780100068, -6552838126854940220, -6342653427563558228, -6320996911175515573, -5938863381584705682, -5937138028307335156, -5863008324229999355, -5557902421394732795, -5507288642909724159, -5359164966940526093, -5270856020393654677, -5140336908990033565, -5086699786885043460, -5074000871253631366, -5073978841190866944, -5033423903877820246, -4943085258474057592, -4910543332786614489, -4879770268169959108, -4850099303163390815, -4807455567471793547, -4719159438210854274, -4619781027025280965, -4544597174348575652, -4485428936415138994, -4472739122485282685, -4373079504728124492, -4181301628202154089, -4126388626984258138, -4023053100851092991, -3922047779752166298, -3906718855618646650, -3868634824115722238, -3745879358169402556, -3690097830756775997, -3670927950016768037, -3616747246231509319, -3591426209432189634, 
-3490702446505255801, -3483385134981416558, -3429491430707856745, -3416053347785698066, -3413943292199611161, -3382417634862376426, -3349947830775906953, -3296542850568272055, -3176473778862080919, -3166346545442410180, -3132772882761113905, -3043642279006642678, -2954123492179139102, -2863171390983702241, -2654073953489285272, -2590940177673686644, -2587080257265847771, -2251605852203586301, -2198878564462361531, -2145896005604227928, -2124367674677225113, -2100796974152514459, -2100767007153930839, -2048246436708511951, -1940231583736341613, -1918276191425512270, -1901156852629539284, -1880561834882743663, -1746302695032098428, -1656872679451617615, -1548673391155746482, -1488479865253002047, -1379516031698548835, -1375032214470929604, -1314590380943603420, -1308375119031032813, -1285371162065374453, -1236769884793871491, -1079440989079766338, -869710792032024432, -789236985842188234, -455105751942515560, -444051516445821516, -361900680170942718, -168328735467397181, -134714950793282931, 60826037083339962, 84541622509618720, 144554169302448103, 196774206633592259, 198562324344386301, 238610642455775463, 278056991129882380, 279880939653579207, 282592745265744974, 410971596053594328, 495924051707529203, 526093410792433875, 575034598008591456, 579720708854555015, 589085295330075427, 590435486579344463, 776031051171600786, 781641065494177208, 846457757495601745, 850257452008846361, 900686269816010653, 1051126519181924424, 1203321605454295227, 1203895566636331975, 1211465458560787736, 1225960882717793263, 1241774140877981683, 1292414550010972366, 1334361932455738343, 1337377210995562847, 1419081732672037948, 1419381122950575881, 1490964106631451820, 1639326652578045878, 1705770160551872440, 1832285348848161986, 1847497393690487631, 1879480685217394570, 1891538878205257739, 1989643415414534081, 1994910556424959679, 1998064184769937808, 2155104014043103344, 2220336291482261989, 2283828190095512675, 2306824176141659302, 2451278539468942429, 2598912773538613706, 
2762278292210005010, 2773437737237250294, 2832174370654635432, 2934442852597210012, 2945700216164622238, 2952556039929943093, 3107437902315470865, 3123397929954224804, 3186025726071011271, 3188208477416257432, 3200767480243736192, 3215706690514302654, 3276105622621268635, 3365884355288559483, 3401162000846683197, 3490150748579176060, 3504387869819626580, 3724159158070359927, 3885983949513817526, 3928206314063268933, 4115069486609707213, 4242350427466708713, 4386862705409556464, 4404914535424634841, 4486289098334426088, 4615905347775520925, 4650730553761950776, 4664032552573343869, 4741710988150565521, 4824314289830954773, 4855150021956252527, 4979447180744678768, 5010835932690867774, 5135899429065919974, 5230763194691689473, 5318582515931199681, 5558115297723062617, 5588210318754588806, 5615741481489697481, 5681975707573416981, 5826288747232227118, 6135206485758434356, 6163357531758535338, 6192919223175738327, 6193503193865707083, 6251171521552312359, 6370634172051452277, 6440400015024985128, 6444714481840758288, 6619609681089611411, 6698206135058175326, 6723548174665139367, 6744705100400054244, 6777227783060561616, 6840248229536654533, 6903596833014731591, 6939254918732562615, 6986844194665101330, 6999783490815861150, 7081735174733692632, 7088499763485696293, 7164209991011322273, 7180706869985461496, 7369129159637618981, 7375016321335570664, 7518640636490654215, 7584590997557423209, 7665483325181367542, 7751011211020015083, 7808711095476824306, 7905270090323370693, 7930480210183871741, 8027805212938904497, 8086730665555500916, 8156173380772627797, 8455783018781361766, 8522975246241517657, 8525946248784902240, 8547978838832864285, 8580320166686867118, 8587722170086323264, 8726678858413102621, 8732783454936618116, 8734728266269135300, 8789489738850249699, 8799590254811299859, 8825243461020618263, 9047662432134874749, 9087960439561935209]\n", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "INFO", 
diff --git a/packages/cassandra/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cassandra/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 9a90b36d4ca3..2641b60fe2a8 100644 --- a/packages/cassandra/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cassandra/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.5.1 + value: 8.11.0 ignore_empty_value: true ignore_failure: true - set: @@ -51,9 +51,9 @@ processors: source: >- def err_levels = ["FATAL", "ERROR", "WARN"]; if (err_levels.contains(ctx.log.level)) { - ctx.event.type = "error"; + ctx.event.type = ["error"]; } else { - ctx.event.type = "info"; + ctx.event.type = ["info"]; } - script: description: Drops null/empty values recursively. diff --git a/packages/cassandra/data_stream/log/fields/ecs.yml b/packages/cassandra/data_stream/log/fields/ecs.yml deleted file mode 100644 index 7eedd8975cc7..000000000000 --- a/packages/cassandra/data_stream/log/fields/ecs.yml +++ /dev/null @@ -1,24 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.category -- external: ecs - name: event.ingested -- external: ecs - name: event.kind -- external: ecs - name: log.file.path -- external: ecs - name: log.level -- external: ecs - name: log.origin.file.line -- external: ecs - name: log.origin.file.name -- external: ecs - name: message -- external: ecs - name: process.thread.name -- external: ecs - name: tags diff --git a/packages/cassandra/data_stream/log/sample_event.json b/packages/cassandra/data_stream/log/sample_event.json index 4116c93963d8..45a6715cff91 100644 --- a/packages/cassandra/data_stream/log/sample_event.json +++ b/packages/cassandra/data_stream/log/sample_event.json 
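Review bot: In the `@@ -51,9 +51,9 @@` script, `err_levels.contains(ctx.log.level)` dereferences `ctx.log` without a null check, so an event with no `log` object makes the script throw instead of reaching the `info` branch; `if (ctx.log?.level != null && err_levels.contains(ctx.log.level)) {` would avoid that. The processor's own `if` and `ignore_failure` settings are outside the hunk, so it may already be guarded there. Separately, `ctx.event.type` now holds a list, which changes the result of any downstream script that compares it with a string, for example a custom pipeline doing `ctx.event.type == 'error'`. The changelog entry in this commit mentions only the ECS bump; a line such as `event.type is now emitted as an array` would warn users who alert on that field.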
@@ -1,12 +1,11 @@ { - "@timestamp": "2022-08-01T07:33:01.952Z", + "@timestamp": "2024-06-18T06:33:32.952Z", "agent": { - "ephemeral_id": "d6102ad8-04fe-46fa-bf67-cc98e3665348", - "hostname": "docker-fleet-agent", - "id": "d1a9277c-e5a2-4ee3-a973-18f2b62e3ad8", + "ephemeral_id": "b1e9fa09-5c73-45d9-b26f-184761635dd9", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.15.0" + "version": "8.13.0" }, "data_stream": { "dataset": "cassandra.log", @@ -14,12 +13,12 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "d1a9277c-e5a2-4ee3-a973-18f2b62e3ad8", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "7.15.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", @@ -27,11 +26,12 @@ "database" ], "dataset": "cassandra.log", - "ingested": "2022-08-01T07:33:17Z", + "ingested": "2024-06-18T06:34:02Z", "kind": "event", "module": "cassandra", - "original": "INFO [main] 2022-08-01 07:33:01,952 YamlConfigurationLoader.java:92 - Configuration location: file:/etc/cassandra/cassandra.yaml", - "type": "info" + "type": [ + "info" + ] }, "input": { "type": "log" diff --git a/packages/cassandra/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml b/packages/cassandra/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml index 12af7fe3a581..ad007766c9a2 100644 --- a/packages/cassandra/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cassandra/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Cassandra metrics. processors: - set: field: ecs.version - value: 8.5.1 + value: 8.11.0 ignore_empty_value: true ignore_failure: true - set: diff --git a/packages/cassandra/data_stream/metrics/fields/ecs.yml b/packages/cassandra/data_stream/metrics/fields/ecs.yml index a3869dc710e0..d0a842204dc6 100644 
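Review bot: The regenerated sample in the `@@ -27,11 +26,12 @@` hunk drops `event.original`, while the pipeline test fixture updated in this same commit still carries `original` on every event, so the documented event and the tested output now disagree about whether the raw log line is kept. No pipeline change visible in this diff removes the field, so it is presumably controlled by a setting outside these hunks; that is an inference, not something the diff shows. The raw line is what an analyst falls back on when parsing is wrong or a record is disputed, so the README should carry one sentence next to the log example stating when `event.original` is retained. The same removal is repeated in the `docs/README.md` log example.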
--- a/packages/cassandra/data_stream/metrics/fields/ecs.yml +++ b/packages/cassandra/data_stream/metrics/fields/ecs.yml @@ -1,32 +1,12 @@ -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.category -- external: ecs - name: event.created -- external: ecs - name: event.dataset -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: event.type - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: host.name dimension: true - external: ecs name: agent.id dimension: true -- external: ecs - name: cloud.project.id - external: ecs name: cloud.instance.id dimension: true diff --git a/packages/cassandra/data_stream/metrics/sample_event.json b/packages/cassandra/data_stream/metrics/sample_event.json index 8ab84497048a..a8513f018fb8 100644 --- a/packages/cassandra/data_stream/metrics/sample_event.json +++ b/packages/cassandra/data_stream/metrics/sample_event.json @@ -1,21 +1,20 @@ { - "@timestamp": "2022-08-02T07:46:20.906Z", + "@timestamp": "2024-06-18T06:35:01.265Z", "agent": { - "ephemeral_id": "dd01aaac-f888-4fdb-832d-d05840060d78", - "hostname": "docker-fleet-agent", - "id": "f8436de1-7850-497f-905d-b6c9ca3116ca", + "ephemeral_id": "51e65675-8699-4d2e-8c14-ecde813096e9", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "7.15.0" + "version": "8.13.0" }, "cassandra": { "metrics": { "cache": { "key_cache": { "capacity": 104857600, - "one_minute_hit_rate": 0.7055988630359871, + "one_minute_hit_rate": 0, "requests": { - "one_minute_rate": 10.000444146293233 + "one_minute_rate": 12 } }, "row_cache": { @@ -59,10 +58,10 @@ } }, "column_family": { - "total_disk_space_used": 72611 + "total_disk_space_used": 72566 }, "compaction": { - "completed": 45, + "completed": 44, "pending": 0 }, "dropped_message": { 
@@ -81,11 +80,11 @@ "gc": { "concurrent_mark_sweep": { "collection_count": 1, - "collection_time": 27 + "collection_time": 26 }, "par_new": { "collection_count": 1, - "collection_time": 24 + "collection_time": 29 } }, "memory": { @@ -93,34 +92,32 @@ "committed": 4054777856, "init": 4158652416, "max": 4054777856, - "used": 478032264 + "used": 481894272 }, "other_usage": { - "committed": 62853120, + "committed": 62337024, "init": 2555904, "max": -1, - "used": 61234528 + "used": 60729840 } }, "storage": { "exceptions": 0, - "load": 72611, + "load": 72566, "total_hint_in_progress": 0, "total_hints": 0 }, "system": { "cluster": "Test Cluster", "data_center": "datacenter1", - "live_nodes": [ - "192.168.224.2" - ], + "live_nodes": "192.168.247.2", "rack": "rack1", "version": "3.11.11" }, "table": { - "all_memtables_heap_size": 4569, + "all_memtables_heap_size": 4584, "all_memtables_off_heap_size": 0, - "live_disk_space_used": 72611, + "live_disk_space_used": 72566, "live_ss_table_count": 11 }, "task": { @@ -168,22 +165,22 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "f8436de1-7850-497f-905d-b6c9ca3116ca", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "7.15.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ "database" ], - "created": "2022-08-02T07:46:20.906Z", + "created": "2024-06-18T06:35:01.265Z", "dataset": "cassandra.metrics", - "duration": 13448617, - "ingested": "2022-08-02T07:46:24Z", + "duration": 110507236, + "ingested": "2024-06-18T06:35:13Z", "kind": "event", "module": "cassandra", "type": [ 
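Review bot: `live_nodes` under `system` changes shape in the `@@ -93,34 +92,32 @@` hunk, from a one-element array to the bare string `"192.168.247.2"`, although a cluster with more than one live node can only be reported as a list. If the sample was simply regenerated against a single-node test cluster, this is a rendering difference, but anyone building queries or dashboards from the documented event will treat the field as a scalar. Keeping the documented form as `"live_nodes": ["192.168.247.2"]` would avoid the ambiguity; so would normalising the value to a list in the ingest pipeline, which is not part of this diff. The metrics example in `docs/README.md` carries the same change.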
@@ -194,22 +191,22 @@ "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "2cbd07697ac16c7d26f103cb3d40e3aa", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.192.7" + "192.168.245.7" ], "mac": [ - "02:42:c0:a8:c0:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "3.10.0-1160.71.1.el7.x86_64", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -217,7 +214,7 @@ "period": 10000 }, "service": { - "address": "http://elastic-package-service_cassandra_1:8778/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "address": "http://elastic-package-service-cassandra-1:8778/jolokia/%3FignoreErrors=true&canonicalNaming=false", "type": "jolokia" } } \ No newline at end of file diff --git a/packages/cassandra/docs/README.md b/packages/cassandra/docs/README.md index 6fd49998757a..6633888a0066 100644 --- a/packages/cassandra/docs/README.md +++ b/packages/cassandra/docs/README.md @@ -81,14 +81,13 @@ An example event for `log` looks as following: ```json { - "@timestamp": "2022-08-01T07:33:01.952Z", + "@timestamp": "2024-06-18T06:33:32.952Z", "agent": { - "ephemeral_id": "d6102ad8-04fe-46fa-bf67-cc98e3665348", - "hostname": "docker-fleet-agent", - "id": "d1a9277c-e5a2-4ee3-a973-18f2b62e3ad8", + "ephemeral_id": "b1e9fa09-5c73-45d9-b26f-184761635dd9", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.15.0" + "version": "8.13.0" }, "data_stream": { "dataset": "cassandra.log", 
@@ -96,12 +95,12 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "d1a9277c-e5a2-4ee3-a973-18f2b62e3ad8", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "7.15.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", @@ -109,11 +108,12 @@ An example event for `log` looks as following: "database" ], "dataset": "cassandra.log", - "ingested": "2022-08-01T07:33:17Z", + "ingested": "2024-06-18T06:34:02Z", "kind": "event", "module": "cassandra", - "original": "INFO [main] 2022-08-01 07:33:01,952 YamlConfigurationLoader.java:92 - Configuration location: file:/etc/cassandra/cassandra.yaml", - "type": "info" + "type": [ + "info" + ] }, "input": { "type": "log" @@ -144,6 +144,10 @@ An example event for `log` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -153,21 +157,9 @@ An example event for `log` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error.message | Error message. | match_only_text | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | -| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. 
They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | input.type | Type of Filebeat input. | keyword | -| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.flags | Flags for the log file. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Offset of the entry in the log file. | long | -| log.origin.file.line | The line number of the file containing the source code which originated the log event. | long | -| log.origin.file.name | The name of the file containing the source code which originated the log event. Note that this field is not meant to capture the log file. The correct field to capture the log file is `log.file.path`. | keyword | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | -| process.thread.name | Thread name. | keyword | -| tags | List of keywords used to tag each event. | keyword | ## Metrics 
@@ -178,23 +170,22 @@ An example event for `metrics` looks as following: ```json { - "@timestamp": "2022-08-02T07:46:20.906Z", + "@timestamp": "2024-06-18T06:35:01.265Z", "agent": { - "ephemeral_id": "dd01aaac-f888-4fdb-832d-d05840060d78", - "hostname": "docker-fleet-agent", - "id": "f8436de1-7850-497f-905d-b6c9ca3116ca", + "ephemeral_id": "51e65675-8699-4d2e-8c14-ecde813096e9", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "7.15.0" + "version": "8.13.0" }, "cassandra": { "metrics": { "cache": { "key_cache": { "capacity": 104857600, - "one_minute_hit_rate": 0.7055988630359871, + "one_minute_hit_rate": 0, "requests": { - "one_minute_rate": 10.000444146293233 + "one_minute_rate": 12 } }, "row_cache": { @@ -238,10 +229,10 @@ An example event for `metrics` looks as following: } }, "column_family": { - "total_disk_space_used": 72611 + "total_disk_space_used": 72566 }, "compaction": { - "completed": 45, + "completed": 44, "pending": 0 }, "dropped_message": { @@ -260,11 +251,11 @@ An example event for `metrics` looks as following: "gc": { "concurrent_mark_sweep": { "collection_count": 1, - "collection_time": 27 + "collection_time": 26 }, "par_new": { "collection_count": 1, - "collection_time": 24 + "collection_time": 29 } }, "memory": { 
@@ -272,34 +263,32 @@ An example event for `metrics` looks as following: "committed": 4054777856, "init": 4158652416, "max": 4054777856, - "used": 478032264 + "used": 481894272 }, "other_usage": { - "committed": 62853120, + "committed": 62337024, "init": 2555904, "max": -1, - "used": 61234528 + "used": 60729840 } }, "storage": { "exceptions": 0, - "load": 72611, + "load": 72566, "total_hint_in_progress": 0, "total_hints": 0 }, "system": { "cluster": "Test Cluster", "data_center": "datacenter1", - "live_nodes": [ - "192.168.224.2" - ], + "live_nodes": "192.168.247.2", "rack": "rack1", "version": "3.11.11" }, "table": { - "all_memtables_heap_size": 4569, + "all_memtables_heap_size": 4584, "all_memtables_off_heap_size": 0, - "live_disk_space_used": 72611, + "live_disk_space_used": 72566, "live_ss_table_count": 11 }, "task": { @@ -347,22 +336,22 @@ An example event for `metrics` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "f8436de1-7850-497f-905d-b6c9ca3116ca", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "7.15.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ "database" ], - "created": "2022-08-02T07:46:20.906Z", + "created": "2024-06-18T06:35:01.265Z", "dataset": "cassandra.metrics", - "duration": 13448617, - "ingested": "2022-08-02T07:46:24Z", + "duration": 110507236, + "ingested": "2024-06-18T06:35:13Z", "kind": "event", "module": "cassandra", "type": [ 
@@ -373,22 +362,22 @@ An example event for `metrics` looks as following: "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "2cbd07697ac16c7d26f103cb3d40e3aa", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.192.7" + "192.168.245.7" ], "mac": [ - "02:42:c0:a8:c0:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "3.10.0-1160.71.1.el7.x86_64", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -396,12 +385,16 @@ An example event for `metrics` looks as following: "period": 10000 }, "service": { - "address": "http://elastic-package-service_cassandra_1:8778/jolokia/%3FignoreErrors=true\u0026canonicalNaming=false", + "address": "http://elastic-package-service-cassandra-1:8778/jolokia/%3FignoreErrors=true&canonicalNaming=false", "type": "jolokia" } } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -492,22 +485,12 @@ An example event for `metrics` looks as following: | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host, resource, or service is located. | keyword | | | container.id | Unique container id. | keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | -| error.message | Error message. | match_only_text | | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. 
| keyword | | -| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. 
`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | diff --git a/packages/cassandra/manifest.yml b/packages/cassandra/manifest.yml index cc1728f49bc5..52e113f4d703 100644 --- a/packages/cassandra/manifest.yml +++ b/packages/cassandra/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: cassandra title: Cassandra -version: "1.13.0" +version: "1.14.0" description: This Elastic integration collects logs and metrics from cassandra. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.12.0" + version: "^8.13.0" elastic: subscription: basic screenshots: diff --git a/packages/nats/_dev/build/build.yml b/packages/nats/_dev/build/build.yml index 47cbed9fed86..2bfcfc223b04 100644 --- a/packages/nats/_dev/build/build.yml +++ b/packages/nats/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.0.0 + reference: "git@v8.11.0" diff --git a/packages/nats/_dev/build/docs/README.md b/packages/nats/_dev/build/docs/README.md index 80decafa0713..466cb052c7fc 100644 --- a/packages/nats/_dev/build/docs/README.md +++ b/packages/nats/_dev/build/docs/README.md @@ -16,6 +16,10 @@ The `log` dataset collects the NATS logs. {{event "log"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "log"}} ## Metrics @@ -31,6 +35,10 @@ metrics from a Nats instance. {{event "stats"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "stats"}} ### connections @@ -40,6 +48,10 @@ metrics about connections from a Nats instance. {{event "connections"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "connections"}} ### routes @@ -49,6 +61,10 @@ metrics about routes from a Nats instance. {{event "routes"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "routes"}} ### subscriptions @@ -58,6 +74,10 @@ metrics about subscriptions from a Nats instance. {{event "subscriptions"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "subscriptions"}} ### connection 
@@ -67,6 +87,10 @@ metrics per connection from a Nats instance. {{event "connection"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "connection"}} ### route @@ -76,4 +100,8 @@ metric per route from a Nats instance. {{event "route"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "route"}} diff --git a/packages/nats/changelog.yml b/packages/nats/changelog.yml index db8e9767cc95..b6eefe539b1f 100644 --- a/packages/nats/changelog.yml +++ b/packages/nats/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "1.6.0" changes: - description: Add global filter on data_stream.dataset to improve performance. diff --git a/packages/nats/data_stream/connection/fields/ecs.yml b/packages/nats/data_stream/connection/fields/ecs.yml index ee085159b8c3..37cf21eb8269 100644 --- a/packages/nats/data_stream/connection/fields/ecs.yml +++ b/packages/nats/data_stream/connection/fields/ecs.yml @@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true diff --git a/packages/nats/data_stream/connection/manifest.yml b/packages/nats/data_stream/connection/manifest.yml index 7576e4498a30..456054bdd2ec 100644 --- a/packages/nats/data_stream/connection/manifest.yml +++ b/packages/nats/data_stream/connection/manifest.yml 
@@ -14,4 +14,4 @@ streams: enabled: false description: Collect metrics for all NATS connections elasticsearch: - index_mode: "time_series" \ No newline at end of file + index_mode: "time_series" diff --git a/packages/nats/data_stream/connection/sample_event.json b/packages/nats/data_stream/connection/sample_event.json index 256d10b2c767..0582eb7075d2 100644 --- a/packages/nats/data_stream/connection/sample_event.json +++ b/packages/nats/data_stream/connection/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T02:43:51.172Z", + "@timestamp": "2024-06-18T06:39:34.665Z", "agent": { - "ephemeral_id": "3cf8068e-3998-4da7-b2f1-de14207c5d44", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "3565b6dd-89b9-4d31-bc0e-52bd652289ee", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.connection", 
@@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.connection", - "duration": 276175024, - "ingested": "2022-01-12T02:43:52Z", + "duration": 1778759, + "ingested": "2024-06-18T06:39:46Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -57,8 +53,8 @@ "connection": { "idle_time": 0, "in": { - "bytes": 10310992, - "messages": 644437 + "bytes": 31946336, + "messages": 1996646 }, "name": "NATS Benchmark", "out": { @@ -67,10 +63,10 @@ }, "pending_bytes": 0, "subscriptions": 0, - "uptime": 24 + "uptime": 14 }, "server": { - "id": "NAMJNT4IYFE3N7FCYJWAKX3OKMQVIUSL7CN4EPBUXJNKSCTYCRHSVNTB" + "id": "NCKVGU7EX4KDOQDL6CQIEYBWSAVCA37KXRD5UOGRNGIFXOMDAV3VYKFJ" } }, "service": { diff --git a/packages/nats/data_stream/connections/fields/ecs.yml b/packages/nats/data_stream/connections/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/nats/data_stream/connections/fields/ecs.yml +++ b/packages/nats/data_stream/connections/fields/ecs.yml 
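Review bot: `host.ip` and `host.mac` go from one-element arrays to bare strings in this hunk of connection/sample_event.json (`"ip": "192.168.245.7"`, `"mac": "02-42-C0-A8-F5-07"`), and the matching hunk in connections/sample_event.json does the same, while the log data stream's sample still shows arrays. ECS treats both as multi-value fields, so enrichment, transforms or detection content that iterate these values from `_source` should be checked against the scalar shape. This looks like the effect of synthetic `_source` under `index_mode: "time_series"` rather than a mapping change, but the diff does not say; it is worth confirming and adding a sentence to the README, for example `Single-valued host.ip and host.mac can be returned as plain strings because these data streams use index_mode: time_series.` The same hunk also records `ecs.version` as `8.0.0`, although the changelog entry states 8.11.0 and the log pipeline now sets `'8.11.0'`, so the changelog wording may need to be limited to the log data stream if the metrics value comes from the agent.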
@@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/nats/data_stream/connections/manifest.yml b/packages/nats/data_stream/connections/manifest.yml index 8c1dd270cd8f..37a98d97c4c9 100644 --- a/packages/nats/data_stream/connections/manifest.yml +++ b/packages/nats/data_stream/connections/manifest.yml @@ -13,4 +13,4 @@ streams: title: NATS connections generic metrics description: Collect NATS generic connections metrics elasticsearch: - index_mode: "time_series" \ No newline at end of file + index_mode: "time_series" diff --git a/packages/nats/data_stream/connections/sample_event.json b/packages/nats/data_stream/connections/sample_event.json index 046bf8da2432..d357184fb9d1 100644 --- a/packages/nats/data_stream/connections/sample_event.json +++ b/packages/nats/data_stream/connections/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T02:46:48.367Z", + "@timestamp": "2024-06-18T06:42:06.763Z", "agent": { - "ephemeral_id": "3886806d-b880-4842-a4be-79391a8fc2e4", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "dd10a7db-f158-4b9b-aaf2-af4cdc3d6b06", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.connections", 
@@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.connections", - "duration": 125128016, - "ingested": "2022-01-12T02:46:50Z", + "duration": 1514602, + "ingested": "2024-06-18T06:42:18Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -58,8 +54,8 @@ "total": 1 }, "server": { - "id": "NBBIEC4H2KI3XR4SUAATGL5INXZZS72ZUYMVJBCLKVDDEWCJCFZOXH7W", - "time": "2022-01-12T02:46:48.367495135Z" + "id": "NCNKDXBFQLH5L4U6H3BPZX2CYTOLLFFFKKMAPUCSKE2QYMMS2S7HGYMN", + "time": "2024-06-18T06:42:06.763Z" } }, "service": { diff --git a/packages/nats/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json b/packages/nats/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json index 4d2eb5ff17ac..f8e2563c2ef0 100644 --- a/packages/nats/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json +++ b/packages/nats/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json 
@@ -1,36 +1,23 @@ { "expected": [ { - "nats": { - "log": { - "msg": {} - } - }, - "process": { - "pid": 1 - }, "@timestamp": "2019-02-06T07:19:40.624Z", "ecs": { - "version": "8.0.0" - }, - "log": { - "level": "info" + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677249628Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064945369Z", + "kind": "event", "original": "[1] 2019/02/06 07:19:40.624334 [INF] Starting nats-server version 1.3.0", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "info" }, "message": "Starting nats-server version 1.3.0", - "tags": [ - "preserve_original_event" - ] - }, - { "nats": { "log": { "msg": {} @@ -39,28 +26,28 @@ "process": { "pid": 1 }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2019-02-06T07:19:40.624Z", "ecs": { - "version": "8.0.0" - }, - "log": { - "level": "info" + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677258175Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064955666Z", + "kind": "event", "original": "[1] 2019/02/06 07:19:40.624547 [INF] Git commit [eed4fbc]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "info" }, "message": "Git commit [eed4fbc]", - "tags": [ - "preserve_original_event" - ] - }, - { "nats": { "log": { "msg": {} 
@@ -69,28 +56,28 @@ "process": { "pid": 1 }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2019-02-06T07:19:40.624Z", "ecs": { - "version": "8.0.0" - }, - "log": { - "level": "info" + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677259946Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064957158Z", + "kind": "event", "original": "[1] 2019/02/06 07:19:40.624674 [INF] Listening for client connections on 0.0.0.0:4222", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "info" }, "message": "Listening for client connections on 0.0.0.0:4222", - "tags": [ - "preserve_original_event" - ] - }, - { "nats": { "log": { "msg": {} 
@@ -99,732 +86,745 @@ "process": { "pid": 1 }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2019-02-06T07:19:40.624Z", "ecs": { - "version": "8.0.0" - }, - "log": { - "level": "info" + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677261399Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064958521Z", + "kind": "event", "original": "[1] 2019/02/06 07:19:40.624690 [INF] Server is ready", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "info" }, "message": "Server is ready", - "tags": [ - "preserve_original_event" - ] - }, - { "nats": { "log": { - "msg": {}, - "client": { - "id": "1" - } + "msg": {} } }, "process": { "pid": 1 }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2019-02-06T07:20:08.508Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "172.18.0.1" - ] - }, - "log": { - "level": "debug" - }, "client": { - "port": 38630, - "ip": "172.18.0.1" + "ip": "172.18.0.1", + "port": 38630 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677262707Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064959591Z", + "kind": "event", "original": "[1] 2019/02/06 07:20:08.508891 [DBG] 172.18.0.1:38630 - cid:1 - Client connection created", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection created", - "tags": [ - "preserve_original_event" - ] - }, - { "nats": { "log": { - "msg": { - "type": "connection" - }, "client": { "id": "1" - } + }, + "msg": {} } }, "process": { "pid": 1 }, - "log": { - "level": "trace" - }, - "message": "{\"verbose\":false,\"pedantic\":false,\"tls_required\":false,\"name\":\"NATS Benchmark\",\"lang\":\"go\",\"version\":\"1.7.0\",\"protocol\":1,\"echo\":true}", - "tags": [ - "preserve_original_event" - ], - 
"network": { - "direction": "outbound" - }, - "@timestamp": "2019-02-06T07:20:08.510Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "172.18.0.1" ] }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-06T07:20:08.510Z", "client": { - "port": 38630, - "ip": "172.18.0.1" + "ip": "172.18.0.1", + "port": 38630 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677264020Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064960672Z", + "kind": "event", "original": "[1] 2019/02/06 07:20:08.510296 [TRC] 172.18.0.1:38630 - cid:1 - -\u003e\u003e [CONNECT {\"verbose\":false,\"pedantic\":false,\"tls_required\":false,\"name\":\"NATS Benchmark\",\"lang\":\"go\",\"version\":\"1.7.0\",\"protocol\":1,\"echo\":true}]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - } - }, - { + ] + }, + "log": { + "level": "trace" + }, + "message": "{\"verbose\":false,\"pedantic\":false,\"tls_required\":false,\"name\":\"NATS Benchmark\",\"lang\":\"go\",\"version\":\"1.7.0\",\"protocol\":1,\"echo\":true}", "nats": { "log": { - "msg": { - "type": "subscribe", - "subject": "foo", - "sid": "1" - }, "client": { "id": "1" + }, + "msg": { + "type": "connection" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-06T07:20:08.512Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "172.18.0.1" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-06T07:20:08.512Z", "client": { - "port": 38630, - "ip": "172.18.0.1" + "ip": "172.18.0.1", + "port": 38630 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677265346Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064961756Z", + "kind": "event", "original": "[1] 2019/02/06 07:20:08.512052 [TRC] 172.18.0.1:38630 - cid:1 - -\u003e\u003e 
[SUB foo 1]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "outbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "ping" - }, "client": { "id": "1" + }, + "msg": { + "sid": "1", + "subject": "foo", + "type": "subscribe" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-06T07:20:08.512Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "172.18.0.1" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-06T07:20:08.512Z", "client": { - "port": 38630, - "ip": "172.18.0.1" + "ip": "172.18.0.1", + "port": 38630 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677266644Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064962833Z", + "kind": "event", "original": "[1] 2019/02/06 07:20:08.512128 [TRC] 172.18.0.1:38630 - cid:1 - -\u003e\u003e [PING]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "outbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "pong" - }, "client": { "id": "1" + }, + "msg": { + "type": "ping" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-06T07:20:08.512Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "172.18.0.1" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-06T07:20:08.512Z", "client": { - "port": 38630, - "ip": "172.18.0.1" + "ip": "172.18.0.1", + "port": 38630 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677267936Z", + "created": "2020-04-28T11:07:58.223Z", + 
"ingested": "2024-06-17T12:17:56.064963920Z", + "kind": "event", "original": "[1] 2019/02/06 07:20:08.512153 [TRC] 172.18.0.1:38630 - cid:1 - \u003c\u003c- [PONG]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "inbound" - } - }, - { "nats": { "log": { - "msg": { - "reply_to": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", - "type": "publish", - "subject": "aiuser.platinum1.pingpeer", - "bytes": 20 - }, "client": { - "id": "3" + "id": "1" + }, + "msg": { + "type": "pong" } } }, + "network": { + "direction": "inbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.717Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ - "67.43.156.14" + "172.18.0.1" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.717Z", "client": { - "port": 62388, - "ip": "67.43.156.14" + "ip": "67.43.156.14", + "port": 62388 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677269258Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064965510Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.717819 [TRC] 67.43.156.14:62388 - cid:3 - -\u003e\u003e [PUB aiuser.platinum1.pingpeer _INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn 20]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "outbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "3" + }, + "msg": { + "bytes": 20, + "reply_to": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", + "subject": "aiuser.platinum1.pingpeer", + "type": "publish" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": 
"2019-02-04T15:40:02.717Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.14" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.717Z", "client": { - "port": 62388, - "ip": "67.43.156.14" + "ip": "67.43.156.14", + "port": 62388 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677270638Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064966633Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.717825 [TRC] 67.43.156.14:62388 - cid:3 - -\u003e\u003e MSG_PAYLOAD: [peer, are you alive?]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "outbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "3" + }, + "msg": { + "type": "payload" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.717Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.14" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.717Z", "client": { - "port": 62388, - "ip": "67.43.156.14" + "ip": "67.43.156.14", + "port": 62388 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677272093Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064967856Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.717825 [TRC] 67.43.156.14:62388 - cid:3 - \u003c\u003c- MSG_PAYLOAD: [\\\"\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\"]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": 
[ - "preserve_original_event" - ], - "network": { - "direction": "inbound" - } - }, - { "nats": { "log": { - "msg": { - "reply_to": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", - "type": "message", - "subject": "aiuser.platinum1.pingpeer", - "bytes": 20, - "sid": "1" - }, "client": { - "id": "4" + "id": "3" + }, + "msg": { + "type": "payload" } } }, + "network": { + "direction": "inbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.717Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ - "192.168.176.11" + "67.43.156.14" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.717Z", "client": { - "port": 36262, - "ip": "192.168.176.11" + "ip": "192.168.176.11", + "port": 36262 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677273420Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064968950Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.717832 [TRC] 192.168.176.11:36262 - cid:4 - \u003c\u003c- [MSG aiuser.platinum1.pingpeer 1 _INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn 20]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "inbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "publish", - "subject": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", - "bytes": 17 - }, "client": { "id": "4" + }, + "msg": { + "bytes": 20, + "reply_to": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", + "sid": "1", + "subject": "aiuser.platinum1.pingpeer", + "type": "message" } } }, + "network": { + "direction": "inbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.718Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "192.168.176.11" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + 
"@timestamp": "2019-02-04T15:40:02.718Z", "client": { - "port": 36262, - "ip": "192.168.176.11" + "ip": "192.168.176.11", + "port": 36262 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677274697Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064970025Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.718007 [TRC] 192.168.176.11:36262 - cid:4 - -\u003e\u003e [PUB _INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn 17]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "outbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "4" + }, + "msg": { + "bytes": 17, + "subject": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", + "type": "publish" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.718Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "192.168.176.11" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.718Z", "client": { - "port": 36262, - "ip": "192.168.176.11" + "ip": "192.168.176.11", + "port": 36262 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677276020Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064971122Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.718023 [TRC] 192.168.176.11:36262 - cid:4 - -\u003e\u003e MSG_PAYLOAD: [I am fine, agent!]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "outbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "message", - "subject": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", - 
"bytes": 17, - "sid": "11" - }, "client": { - "id": "3" + "id": "4" + }, + "msg": { + "type": "payload" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.718Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ - "67.43.156.14" + "192.168.176.11" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.718Z", "client": { - "port": 62388, - "ip": "67.43.156.14" + "ip": "67.43.156.14", + "port": 62388 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677277316Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064972447Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.718044 [TRC] 67.43.156.14:62388 - cid:3 - \u003c\u003c- [MSG _INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn 11 17]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "inbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "publish", - "subject": "aiuser.platinum1.appstats", - "bytes": 1583 - }, "client": { "id": "3" + }, + "msg": { + "bytes": 17, + "sid": "11", + "subject": "_INBOX.e3hAUbP4r5wbjw3Hudw42r.udigGiHn", + "type": "message" } } }, + "network": { + "direction": "inbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.717Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.14" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.717Z", "client": { - "port": 62388, - "ip": "67.43.156.14" + "ip": "67.43.156.14", + "port": 62388 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677278699Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064973874Z", + 
"kind": "event", "original": "[1] 2019/02/04 15:40:02.717600 [TRC] 67.43.156.14:62388 - cid:3 - -\u003e\u003e [PUB aiuser.platinum1.appstats 1583]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "outbound" - } - }, - { "nats": { "log": { + "client": { + "id": "3" + }, "msg": { - "type": "message", - "subject": "aiuser.platinum1.appstats", "bytes": 1583, - "sid": "6" - }, - "client": { - "id": "4" + "subject": "aiuser.platinum1.appstats", + "type": "publish" } } }, + "network": { + "direction": "outbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-04T15:40:02.717Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ - "192.168.176.11" + "67.43.156.14" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-04T15:40:02.717Z", "client": { - "port": 36262, - "ip": "192.168.176.11" + "ip": "192.168.176.11", + "port": 36262 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677279994Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064974970Z", + "kind": "event", "original": "[1] 2019/02/04 15:40:02.717811 [TRC] 192.168.176.11:36262 - cid:4 - \u003c\u003c- [MSG aiuser.platinum1.appstats 6 1583]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "direction": "inbound" - } - }, - { "nats": { "log": { - "msg": { - "type": "acknowledge" - }, "client": { - "id": "1" + "id": "4" + }, + "msg": { + "bytes": 1583, + "sid": "6", + "subject": "aiuser.platinum1.appstats", + "type": "message" } } }, + "network": { + "direction": "inbound" + }, "process": { "pid": 1 }, - "@timestamp": "2019-02-16T07:20:08.512Z", - "ecs": { - "version": "8.0.0" - }, 
"related": { "ip": [ - "172.18.0.1" + "192.168.176.11" ] }, - "log": { - "level": "trace" - }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-02-16T07:20:08.512Z", "client": { - "port": 38630, - "ip": "172.18.0.1" + "ip": "172.18.0.1", + "port": 38630 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T02:38:49.677281270Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:17:56.064976055Z", + "kind": "event", "original": "[1] 2019/02/16 07:20:08.512153 [TRC] 172.18.0.1:38630 - cid:1 - \u003c\u003c- [OK]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" + }, + "nats": { + "log": { + "client": { + "id": "1" + }, + "msg": { + "type": "acknowledge" + } + } }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } + }, + "process": { + "pid": 1 + }, + "related": { + "ip": [ + "172.18.0.1" + ] + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/nats/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/nats/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 61f50ea173d7..3e1a42e6f19e 100644 --- a/packages/nats/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/nats/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.11.0' - rename: field: message target_field: event.original diff --git a/packages/nats/data_stream/log/fields/base-fields.yml b/packages/nats/data_stream/log/fields/base-fields.yml index b60b0c5191ff..ec40410ed9bc 100644 --- a/packages/nats/data_stream/log/fields/base-fields.yml +++ b/packages/nats/data_stream/log/fields/base-fields.yml 
@@ -13,11 +13,6 @@ - name: input.type description: Type of Filebeat input. type: keyword -- name: log.file.path - description: Full path to the log file this event came from. - example: /var/log/fun-times.log - ignore_above: 1024 - type: keyword - name: log.offset type: long description: Offset of the entry in the log file. diff --git a/packages/nats/data_stream/log/fields/ecs.yml b/packages/nats/data_stream/log/fields/ecs.yml deleted file mode 100644 index 5bdf95442339..000000000000 --- a/packages/nats/data_stream/log/fields/ecs.yml +++ /dev/null @@ -1,26 +0,0 @@ -- external: ecs - name: client.ip -- external: ecs - name: client.port -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.created -- external: ecs - name: event.kind -- external: ecs - name: event.type -- external: ecs - name: log.level -- external: ecs - name: message -- external: ecs - name: network.direction -- external: ecs - name: process.pid -- external: ecs - name: related.ip -- external: ecs - name: tags diff --git a/packages/nats/data_stream/log/sample_event.json b/packages/nats/data_stream/log/sample_event.json index 194839a89e8e..54f814f2f3b6 100644 --- a/packages/nats/data_stream/log/sample_event.json +++ b/packages/nats/data_stream/log/sample_event.json 
@@ -1,89 +1,89 @@ { - "nats": { - "log": { - "msg": { - "type": "payload" - }, - "client": { - "id": "86" - } - } - }, + "@timestamp": "2020-11-25T11:50:17.759Z", "agent": { + "ephemeral_id": "4f1426bb-db10-4b5d-9e1c-ba6da401dc34", "hostname": "5706c620a165", - "name": "5706c620a165", "id": "25c804ef-d8c8-4a2e-9228-64213daef566", + "name": "5706c620a165", "type": "filebeat", - "ephemeral_id": "4f1426bb-db10-4b5d-9e1c-ba6da401dc34", "version": "7.11.0" }, - "process": { - "pid": 6 + "client": { + "ip": "192.168.192.3", + "port": 53482 }, - "log": { - "file": { - "path": "/var/log/nats/nats.log" - }, - "offset": 36865655, - "level": "trace" + "data_stream": { + "dataset": "nats.log", + "namespace": "default", + "type": "logs" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "5a7b52c1-66ae-47ce-ad18-70dadf1bedfa", - "version": "7.11.0", - "snapshot": true - }, - "network": { - "direction": "inbound" - }, - "input": { - "type": "log" - }, - "@timestamp": "2020-11-25T11:50:17.759Z", - "ecs": { - "version": "1.6.0" + "snapshot": true, + "version": "7.11.0" }, - "related": { - "ip": [ - "192.168.192.3" + "event": { + "created": "2020-11-25T11:53:04.192Z", + "dataset": "nats.log", + "ingested": "2020-11-25T11:53:10.021181400Z", + "kind": "event", + "type": [ + "info" ] }, - "data_stream": { - "namespace": "default", - "type": "logs", - "dataset": "nats.log" - }, "host": { - "hostname": "5706c620a165", - "os": { - "kernel": "4.9.184-linuxkit", - "codename": "Core", - "name": "CentOS Linux", - "family": "redhat", - "version": "7 (Core)", - "platform": "centos" - }, + "architecture": "x86_64", "containerized": true, + "hostname": "5706c620a165", + "id": "06c26569966fd125c15acac5d7feffb6", "ip": [ "192.168.192.8" ], - "name": "5706c620a165", - "id": "06c26569966fd125c15acac5d7feffb6", "mac": [ - "02:42:c0:a8:c0:08" + "02-42-C0-A8-F5-07" ], - "architecture": "x86_64" + "name": "5706c620a165", + "os": { + "codename": "Core", + "family": "redhat", + "kernel": 
"4.9.184-linuxkit", + "name": "CentOS Linux", + "platform": "centos", + "version": "7 (Core)" + } }, - "client": { - "port": 53482, - "ip": "192.168.192.3" + "input": { + "type": "log" }, - "event": { - "ingested": "2020-11-25T11:53:10.021181400Z", - "created": "2020-11-25T11:53:04.192Z", - "kind": "event", - "type": [ - "info" - ], - "dataset": "nats.log" + "log": { + "file": { + "path": "/var/log/nats/nats.log" + }, + "level": "trace", + "offset": 36865655 + }, + "nats": { + "log": { + "client": { + "id": "86" + }, + "msg": { + "type": "payload" + } + } + }, + "network": { + "direction": "inbound" + }, + "process": { + "pid": 6 + }, + "related": { + "ip": [ + "192.168.192.3" + ] } } \ No newline at end of file diff --git a/packages/nats/data_stream/route/fields/ecs.yml b/packages/nats/data_stream/route/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/nats/data_stream/route/fields/ecs.yml +++ b/packages/nats/data_stream/route/fields/ecs.yml @@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/nats/data_stream/route/manifest.yml b/packages/nats/data_stream/route/manifest.yml index 13269e4e0209..e45faf790fd2 100644 --- a/packages/nats/data_stream/route/manifest.yml +++ b/packages/nats/data_stream/route/manifest.yml @@ -14,4 +14,4 @@ streams: enabled: false description: Collect metrics for all NATS routes elasticsearch: - index_mode: "time_series" \ No newline at end of file + index_mode: "time_series" diff --git a/packages/nats/data_stream/route/sample_event.json b/packages/nats/data_stream/route/sample_event.json index 5327ad9c68d0..185e58efdd0c 100644 --- a/packages/nats/data_stream/route/sample_event.json 
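Review bot: The `host.mac` entry in this sample was replaced rather than reformatted: `02:42:c0:a8:c0:08` became `02-42-C0-A8-F5-07`, the address used by the metrics samples elsewhere in this patch, while `host.ip` stays `192.168.192.8` and the agent version, `@timestamp` and `event.ingested` keep their 2020 / 7.11.0 values. Together with the bumped `ecs.version`, this suggests the file was edited by hand rather than regenerated, so it no longer describes one real event, and anyone using it as a fixture for host correlation or detection tests gets a MAC that appears to belong to a different host. If only the notation was meant to change, keep the original address in the hyphenated upper-case form, `"02-42-C0-A8-C0-08"`, or regenerate the sample from a current agent run. The same value is copied into the `log` example in `packages/nats/docs/README.md`.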
+++ b/packages/nats/data_stream/route/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T02:49:43.071Z", + "@timestamp": "2024-06-18T06:44:35.066Z", "agent": { - "ephemeral_id": "7603b971-4c23-4474-94d7-736540cccfbc", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "6003d8f1-6313-4eb7-8d62-101876d13951", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.route", @@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.route", - "duration": 37120483, - "ingested": "2022-01-12T02:49:47Z", + "duration": 1372502, + "ingested": "2024-06-18T06:44:47Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
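Review bot: `host.ip` and `host.mac` change shape in the `@@ -13,40 +13,36 @@` hunk, from one-element arrays to bare strings (`"ip": "192.168.245.7"`, `"mac": "02-42-C0-A8-F5-07"`), while the log data stream's sample in this same patch keeps both as arrays. Elasticsearch indexes both forms alike, but tooling that loads these samples as fixtures and iterates `host.ip` would now walk the characters of a string, and the published examples no longer agree on the field's shape. Consider keeping the array form, `"ip": ["192.168.245.7"]` and `"mac": ["02-42-C0-A8-F5-07"]`, if the sample generator allows it. The same change appears in the routes, stats and subscriptions samples and in the README examples.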
@@ -59,18 +55,18 @@ "bytes": 0, "messages": 0 }, - "ip": "172.23.0.2", + "ip": "192.168.254.2", "out": { "bytes": 0, "messages": 0 }, "pending_size": 0, - "port": 43132, - "remote_id": "ND6TIOITFXLQL7IOQ6YF4YA76FO5DZKZ7RADTQFJH5Y22554RBAN23HE", + "port": 43212, + "remote_id": "NDLBUBM32KU4PB6T3NDNQOFUCNPVHPGEVLS5K2CYY2RHGOV6M3UBBXCF", "subscriptions": 0 }, "server": { - "id": "NDLSAJ5QGWF5IZJSOSOC7P22NTXGFIQMULUEZR2VC4HT4STJU6L36AIB" + "id": "NADJLTRJXDJIDP4EJTJ2ZLIYQENQKIRX23VYDPNGHPAWEAHLESEEENNM" } }, "service": { diff --git a/packages/nats/data_stream/routes/fields/ecs.yml b/packages/nats/data_stream/routes/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/nats/data_stream/routes/fields/ecs.yml +++ b/packages/nats/data_stream/routes/fields/ecs.yml @@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/nats/data_stream/routes/manifest.yml b/packages/nats/data_stream/routes/manifest.yml index b86d4a66c933..26e77c256d8b 100644 --- a/packages/nats/data_stream/routes/manifest.yml +++ b/packages/nats/data_stream/routes/manifest.yml @@ -13,4 +13,4 @@ streams: title: NATS routes generic metrics description: Collect NATS generic routes metrics elasticsearch: - index_mode: "time_series" \ No newline at end of file + index_mode: "time_series" diff --git a/packages/nats/data_stream/routes/sample_event.json b/packages/nats/data_stream/routes/sample_event.json index c9d44e7397ed..e887330a4b7f 100644 --- a/packages/nats/data_stream/routes/sample_event.json +++ b/packages/nats/data_stream/routes/sample_event.json 
@@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T02:52:26.015Z", + "@timestamp": "2024-06-18T06:46:57.937Z", "agent": { - "ephemeral_id": "5ca072d2-2eac-4cad-9a39-bdfec64f2640", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "109393c6-0e20-4b2a-b653-3fa5e35b5f7c", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.routes", @@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.routes", - "duration": 29566227, - "ingested": "2022-01-12T02:52:29Z", + "duration": 1390061, + "ingested": "2024-06-18T06:47:09Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -58,8 +54,8 @@ "total": 1 }, "server": { - "id": "NAGYMNF4IADKFHPNJEJMQUWPYUVOWX3KC3V2UINL5QJYDVGIAZB7N3L6", - "time": "2022-01-12T02:52:26.015311657Z" + "id": "NCTCCFMHSIRDQEDRY54BNE6H5D2S476BITJEDHPZMOMCKZOITM6WWA6V", + "time": "2024-06-18T06:46:57.937Z" } }, "service": { 
diff --git a/packages/nats/data_stream/stats/fields/ecs.yml b/packages/nats/data_stream/stats/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/nats/data_stream/stats/fields/ecs.yml +++ b/packages/nats/data_stream/stats/fields/ecs.yml @@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/nats/data_stream/stats/manifest.yml b/packages/nats/data_stream/stats/manifest.yml index 1d9d76c1759b..436e558027e8 100644 --- a/packages/nats/data_stream/stats/manifest.yml +++ b/packages/nats/data_stream/stats/manifest.yml @@ -13,4 +13,4 @@ streams: title: NATS stats description: Collect NATS stats elasticsearch: - index_mode: "time_series" \ No newline at end of file + index_mode: "time_series" diff --git a/packages/nats/data_stream/stats/sample_event.json b/packages/nats/data_stream/stats/sample_event.json index 9a0068f73197..b6bbdfeedf29 100644 --- a/packages/nats/data_stream/stats/sample_event.json +++ b/packages/nats/data_stream/stats/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T02:55:11.384Z", + "@timestamp": "2024-06-18T06:49:17.492Z", "agent": { - "ephemeral_id": "259312b7-26e3-4a70-8c3a-720386a6a71e", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "4b9c9086-97a0-4aec-9cc4-b227f25eaf7b", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.stats", 
@@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.stats", - "duration": 49665904, - "ingested": "2022-01-12T02:55:14Z", + "duration": 1739425, + "ingested": "2024-06-18T06:49:29Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -55,12 +51,12 @@ }, "nats": { "server": { - "id": "NCXFULRLCZMWAWXMVPHIAESOUAOURC2INJOQFODIMJ2IHZ3QE7BH7X74", - "time": "2022-01-12T02:55:11.384194105Z" + "id": "NDCZVPEIJLTFLUSYR6Y4OSKTDJ5QD4LTTBSOKJ6HPX3K3QZPF6CI6VMI", + "time": "2024-06-18T06:49:17.492Z" }, "stats": { - "cores": 1, - "cpu": 0.28, + "cores": 12, + "cpu": 1.03, "http": { "req_stats": { "uri": { @@ -68,16 +64,16 @@ "root": 0, "routez": 0, "subsz": 0, - "varz": 2 + "varz": 1 } } }, "in": { - "bytes": 13072240, - "messages": 817015 + "bytes": 29849184, + "messages": 1865574 }, "mem": { - "bytes": 12103680 + "bytes": 8806400 }, "out": { "bytes": 0, @@ -86,7 +82,7 @@ "remotes": 1, "slow_consumers": 0, "total_connections": 1, - "uptime": 23 + "uptime": 13 } }, "service": { 
diff --git a/packages/nats/data_stream/subscriptions/fields/ecs.yml b/packages/nats/data_stream/subscriptions/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/nats/data_stream/subscriptions/fields/ecs.yml +++ b/packages/nats/data_stream/subscriptions/fields/ecs.yml @@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/nats/data_stream/subscriptions/manifest.yml b/packages/nats/data_stream/subscriptions/manifest.yml index bfa52ccd008b..f02106dbe692 100644 --- a/packages/nats/data_stream/subscriptions/manifest.yml +++ b/packages/nats/data_stream/subscriptions/manifest.yml @@ -13,4 +13,4 @@ streams: title: NATS subscriptions metrics description: Collect NATS subscriptions metrics elasticsearch: - index_mode: "time_series" \ No newline at end of file + index_mode: "time_series" diff --git a/packages/nats/data_stream/subscriptions/sample_event.json b/packages/nats/data_stream/subscriptions/sample_event.json index 6fa8517e2dab..7b6d903f6820 100644 --- a/packages/nats/data_stream/subscriptions/sample_event.json +++ b/packages/nats/data_stream/subscriptions/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T02:57:55.837Z", + "@timestamp": "2024-06-18T06:51:43.719Z", "agent": { - "ephemeral_id": "29d75d7c-e650-4bf4-ba7a-f769e4edd5da", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "20d397d4-1143-4670-8a66-d8b8bceb57ac", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.subscriptions", 
@@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.subscriptions", - "duration": 11100010, - "ingested": "2022-01-12T02:57:59Z", + "duration": 1163583, + "ingested": "2024-06-18T06:51:55Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { diff --git a/packages/nats/docs/README.md b/packages/nats/docs/README.md index 4ef8f8701233..e9797a6d6b43 100644 --- a/packages/nats/docs/README.md +++ b/packages/nats/docs/README.md 
@@ -18,118 +18,112 @@ An example event for `log` looks as following: ```json { - "nats": { - "log": { - "msg": { - "type": "payload" - }, - "client": { - "id": "86" - } - } - }, + "@timestamp": "2020-11-25T11:50:17.759Z", "agent": { + "ephemeral_id": "4f1426bb-db10-4b5d-9e1c-ba6da401dc34", "hostname": "5706c620a165", - "name": "5706c620a165", "id": "25c804ef-d8c8-4a2e-9228-64213daef566", + "name": "5706c620a165", "type": "filebeat", - "ephemeral_id": "4f1426bb-db10-4b5d-9e1c-ba6da401dc34", "version": "7.11.0" }, - "process": { - "pid": 6 + "client": { + "ip": "192.168.192.3", + "port": 53482 }, - "log": { - "file": { - "path": "/var/log/nats/nats.log" - }, - "offset": 36865655, - "level": "trace" + "data_stream": { + "dataset": "nats.log", + "namespace": "default", + "type": "logs" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "5a7b52c1-66ae-47ce-ad18-70dadf1bedfa", - "version": "7.11.0", - "snapshot": true - }, - "network": { - "direction": "inbound" - }, - "input": { - "type": "log" - }, - "@timestamp": "2020-11-25T11:50:17.759Z", - "ecs": { - "version": "1.6.0" + "snapshot": true, + "version": "7.11.0" }, - "related": { - "ip": [ - "192.168.192.3" + "event": { + "created": "2020-11-25T11:53:04.192Z", + "dataset": "nats.log", + "ingested": "2020-11-25T11:53:10.021181400Z", + "kind": "event", + "type": [ + "info" ] }, - "data_stream": { - "namespace": "default", - "type": "logs", - "dataset": "nats.log" - }, "host": { - "hostname": "5706c620a165", - "os": { - "kernel": "4.9.184-linuxkit", - "codename": "Core", - "name": "CentOS Linux", - "family": "redhat", - "version": "7 (Core)", - "platform": "centos" - }, + "architecture": "x86_64", "containerized": true, + "hostname": "5706c620a165", + "id": "06c26569966fd125c15acac5d7feffb6", "ip": [ "192.168.192.8" ], - "name": "5706c620a165", - "id": "06c26569966fd125c15acac5d7feffb6", "mac": [ - "02:42:c0:a8:c0:08" + "02-42-C0-A8-F5-07" ], - "architecture": "x86_64" + "name": "5706c620a165", + "os": { 
+ "codename": "Core", + "family": "redhat", + "kernel": "4.9.184-linuxkit", + "name": "CentOS Linux", + "platform": "centos", + "version": "7 (Core)" + } }, - "client": { - "port": 53482, - "ip": "192.168.192.3" + "input": { + "type": "log" }, - "event": { - "ingested": "2020-11-25T11:53:10.021181400Z", - "created": "2020-11-25T11:53:04.192Z", - "kind": "event", - "type": [ - "info" - ], - "dataset": "nats.log" + "log": { + "file": { + "path": "/var/log/nats/nats.log" + }, + "level": "trace", + "offset": 36865655 + }, + "nats": { + "log": { + "client": { + "id": "86" + }, + "msg": { + "type": "payload" + } + } + }, + "network": { + "direction": "inbound" + }, + "process": { + "pid": 6 + }, + "related": { + "ip": [ + "192.168.192.3" + ] } } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | |---|---|---| | @timestamp | Event timestamp. | date | -| client.ip | IP address of the client (IPv4 or IPv6). | ip | -| client.port | Port of the client. | long | | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error.message | Error message. | match_only_text | -| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. 
In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | event.dataset | Event dataset | constant_keyword | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | event.module | Event module | constant_keyword | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | input.type | Type of Filebeat input. | keyword | -| log.file.path | Full path to the log file this event came from. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. 
| keyword | | log.offset | Offset of the entry in the log file. | long | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | nats.log.client.id | The id of the client | integer | | nats.log.msg.bytes | Size of the payload in bytes | long | | nats.log.msg.error.message | Details about the error occurred | text | @@ -139,10 +133,6 @@ An example event for `log` looks as following: | nats.log.msg.sid | The unique alphanumeric subscription ID of the subject | integer | | nats.log.msg.subject | Subject name this message was received on | keyword | | nats.log.msg.type | The protocol message type | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | -| process.pid | Process id. | long | -| related.ip | All of the IPs seen on your event. | ip | -| tags | List of keywords used to tag each event. | keyword | ## Metrics 
@@ -160,13 +150,13 @@ An example event for `stats` looks as following: ```json { - "@timestamp": "2022-01-12T02:55:11.384Z", + "@timestamp": "2024-06-18T06:49:17.492Z", "agent": { - "ephemeral_id": "259312b7-26e3-4a70-8c3a-720386a6a71e", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "4b9c9086-97a0-4aec-9cc4-b227f25eaf7b", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.stats", @@ -174,40 +164,36 @@ An example event for `stats` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.stats", - "duration": 49665904, - "ingested": "2022-01-12T02:55:14Z", + "duration": 1739425, + "ingested": "2024-06-18T06:49:29Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -216,12 +202,12 @@ An example event for `stats` looks as following: }, "nats": { "server": { - "id": "NCXFULRLCZMWAWXMVPHIAESOUAOURC2INJOQFODIMJ2IHZ3QE7BH7X74", - "time": "2022-01-12T02:55:11.384194105Z" + "id": "NDCZVPEIJLTFLUSYR6Y4OSKTDJ5QD4LTTBSOKJ6HPX3K3QZPF6CI6VMI", + "time": "2024-06-18T06:49:17.492Z" }, "stats": { - "cores": 1, - "cpu": 0.28, + "cores": 12, + "cpu": 1.03, "http": { "req_stats": { "uri": { @@ -229,16 +215,16 @@ An example event for `stats` looks as following: "root": 0, "routez": 0, "subsz": 0, - "varz": 2 + "varz": 1 } } }, "in": { - "bytes": 13072240, - "messages": 817015 + "bytes": 29849184, + "messages": 1865574 }, "mem": { - "bytes": 12103680 + "bytes": 8806400 }, "out": { "bytes": 0, @@ -247,7 +233,7 @@ An example event for `stats` looks as following: "remotes": 1, "slow_consumers": 0, "total_connections": 1, - "uptime": 23 + "uptime": 13 } }, "service": { @@ -257,6 +243,10 @@ An example event for `stats` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -272,10 +262,9 @@ An example event for `stats` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | nats.server.id | The server ID | keyword | | | nats.server.time | Server time of metric creation | date | | | nats.stats.cores | The number of logical cores the NATS process runs on | integer | gauge | 
@@ -295,7 +284,6 @@ An example event for `stats` looks as following: | nats.stats.total_connections | The number of totally created clients | long | counter | | nats.stats.uptime | The period the server is up (sec) | long | counter | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | ### connections @@ -307,13 +295,13 @@ An example event for `connections` looks as following: ```json { - "@timestamp": "2022-01-12T02:46:48.367Z", + "@timestamp": "2024-06-18T06:42:06.763Z", "agent": { - "ephemeral_id": "3886806d-b880-4842-a4be-79391a8fc2e4", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "dd10a7db-f158-4b9b-aaf2-af4cdc3d6b06", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.connections", 
@@ -321,40 +309,36 @@ An example event for `connections` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.connections", - "duration": 125128016, - "ingested": "2022-01-12T02:46:50Z", + "duration": 1514602, + "ingested": "2024-06-18T06:42:18Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -366,8 +350,8 @@ An example event for `connections` looks as following: "total": 1 }, "server": { - "id": "NBBIEC4H2KI3XR4SUAATGL5INXZZS72ZUYMVJBCLKVDDEWCJCFZOXH7W", - "time": "2022-01-12T02:46:48.367495135Z" + "id": "NCNKDXBFQLH5L4U6H3BPZX2CYTOLLFFFKKMAPUCSKE2QYMMS2S7HGYMN", + "time": "2024-06-18T06:42:06.763Z" } }, "service": { @@ -377,6 +361,10 @@ An example event for `connections` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -392,15 +380,13 @@ An example event for `connections` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | nats.connections.total | The number of currently active clients | integer | gauge | | nats.server.id | The server ID | keyword | | | nats.server.time | Server time of metric creation | date | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | ### routes 
@@ -412,13 +398,13 @@ An example event for `routes` looks as following: ```json { - "@timestamp": "2022-01-12T02:52:26.015Z", + "@timestamp": "2024-06-18T06:46:57.937Z", "agent": { - "ephemeral_id": "5ca072d2-2eac-4cad-9a39-bdfec64f2640", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "109393c6-0e20-4b2a-b653-3fa5e35b5f7c", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.routes", @@ -426,40 +412,36 @@ An example event for `routes` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.routes", - "duration": 29566227, - "ingested": "2022-01-12T02:52:29Z", + "duration": 1390061, + "ingested": "2024-06-18T06:47:09Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -471,8 +453,8 @@ An example event for `routes` looks as following: "total": 1 }, "server": { - "id": "NAGYMNF4IADKFHPNJEJMQUWPYUVOWX3KC3V2UINL5QJYDVGIAZB7N3L6", - "time": "2022-01-12T02:52:26.015311657Z" + "id": "NCTCCFMHSIRDQEDRY54BNE6H5D2S476BITJEDHPZMOMCKZOITM6WWA6V", + "time": "2024-06-18T06:46:57.937Z" } }, "service": { @@ -482,6 +464,10 @@ An example event for `routes` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -497,15 +483,13 @@ An example event for `routes` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | nats.routes.total | The number of registered routes | integer | gauge | | nats.server.id | The server ID | keyword | | | nats.server.time | Server time of metric creation | date | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | ### subscriptions 
@@ -517,13 +501,13 @@ An example event for `subscriptions` looks as following: ```json { - "@timestamp": "2022-01-12T02:57:55.837Z", + "@timestamp": "2024-06-18T06:51:43.719Z", "agent": { - "ephemeral_id": "29d75d7c-e650-4bf4-ba7a-f769e4edd5da", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "20d397d4-1143-4670-8a66-d8b8bceb57ac", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.subscriptions", @@ -531,40 +515,36 @@ An example event for `subscriptions` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.subscriptions", - "duration": 11100010, - "ingested": "2022-01-12T02:57:59Z", + "duration": 1163583, + "ingested": "2024-06-18T06:51:55Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -594,6 +574,10 @@ An example event for `subscriptions` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | @@ -609,10 +593,9 @@ An example event for `subscriptions` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | nats.server.id | The server ID | keyword | | | nats.server.time | Server time of metric creation | date | | | nats.subscriptions.cache.fanout.avg | The average fanout served by cache | double | gauge | 
@@ -624,7 +607,6 @@ An example event for `subscriptions` looks as following: | nats.subscriptions.removes | The number of remove operations in subscriptions list | long | counter | | nats.subscriptions.total | The number of active subscriptions | integer | gauge | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | ### connection @@ -636,13 +618,13 @@ An example event for `connection` looks as following: ```json { - "@timestamp": "2022-01-12T02:43:51.172Z", + "@timestamp": "2024-06-18T06:39:34.665Z", "agent": { - "ephemeral_id": "3cf8068e-3998-4da7-b2f1-de14207c5d44", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "3565b6dd-89b9-4d31-bc0e-52bd652289ee", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.connection", 
@@ -650,40 +632,36 @@ An example event for `connection` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.connection", - "duration": 276175024, - "ingested": "2022-01-12T02:43:52Z", + "duration": 1778759, + "ingested": "2024-06-18T06:39:46Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -694,8 +672,8 @@ An example event for `connection` looks as following: "connection": { "idle_time": 0, "in": { - "bytes": 10310992, - "messages": 644437 + "bytes": 31946336, + "messages": 1996646 }, "name": "NATS Benchmark", "out": { @@ -704,10 +682,10 @@ An example event for `connection` looks as following: }, "pending_bytes": 0, "subscriptions": 0, - "uptime": 24 + "uptime": 14 }, "server": { - "id": "NAMJNT4IYFE3N7FCYJWAKX3OKMQVIUSL7CN4EPBUXJNKSCTYCRHSVNTB" + "id": "NCKVGU7EX4KDOQDL6CQIEYBWSAVCA37KXRD5UOGRNGIFXOMDAV3VYKFJ" } }, "service": { 
@@ -717,6 +695,10 @@ An example event for `connection` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | @@ -732,10 +714,9 @@ An example event for `connection` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | nats.connection.idle_time | The period the connection is idle (sec) | long | counter | | nats.connection.in.bytes | The amount of incoming bytes | long | counter | | nats.connection.in.messages | The amount of incoming messages | long | counter | 
@@ -748,7 +729,6 @@ An example event for `connection` looks as following: | nats.server.id | The server ID | keyword | | | nats.server.time | Server time of metric creation | date | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | ### route @@ -760,13 +740,13 @@ An example event for `route` looks as following: ```json { - "@timestamp": "2022-01-12T02:49:43.071Z", + "@timestamp": "2024-06-18T06:44:35.066Z", "agent": { - "ephemeral_id": "7603b971-4c23-4474-94d7-736540cccfbc", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "6003d8f1-6313-4eb7-8d62-101876d13951", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "nats.route", 
@@ -774,40 +754,36 @@ An example event for `route` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "nats.route", - "duration": 37120483, - "ingested": "2022-01-12T02:49:47Z", + "duration": 1372502, + "ingested": "2024-06-18T06:44:47Z", "module": "nats" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.245.7", + "mac": "02-42-C0-A8-F5-07", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -820,18 +796,18 @@ An example event for `route` looks as following: "bytes": 0, "messages": 0 }, - "ip": "172.23.0.2", + "ip": "192.168.254.2", "out": { "bytes": 0, "messages": 0 }, "pending_size": 0, - "port": 43132, - "remote_id": "ND6TIOITFXLQL7IOQ6YF4YA76FO5DZKZ7RADTQFJH5Y22554RBAN23HE", + "port": 43212, + "remote_id": "NDLBUBM32KU4PB6T3NDNQOFUCNPVHPGEVLS5K2CYY2RHGOV6M3UBBXCF", "subscriptions": 0 }, "server": { - "id": "NDLSAJ5QGWF5IZJSOSOC7P22NTXGFIQMULUEZR2VC4HT4STJU6L36AIB" + "id": "NADJLTRJXDJIDP4EJTJ2ZLIYQENQKIRX23VYDPNGHPAWEAHLESEEENNM" } }, "service": { 
@@ -841,6 +817,10 @@ An example event for `route` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | @@ -856,10 +836,9 @@ An example event for `route` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | nats.route.in.bytes | The amount of incoming bytes | long | counter | | nats.route.in.messages | The amount of incoming messages | long | counter | | nats.route.ip | The ip of the route | ip | | 
@@ -872,5 +851,4 @@ An example event for `route` looks as following: | nats.server.id | The server ID | keyword | | | nats.server.time | Server time of metric creation | date | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | diff --git a/packages/nats/manifest.yml b/packages/nats/manifest.yml index e7ed16eb17cf..6e5b56d93375 100644 --- a/packages/nats/manifest.yml +++ b/packages/nats/manifest.yml @@ -1,6 +1,6 @@ name: nats title: NATS -version: 1.6.0 +version: 1.7.0 release: ga description: Collect logs and metrics from NATS servers with Elastic Agent. type: integration @@ -15,7 +15,8 @@ categories: - observability - message_queue conditions: - kibana.version: "^8.10.2" + kibana: + version: "^8.13.0" screenshots: - src: /img/filebeat_nats_dashboard.png title: Filebeat NATS Dashboard diff --git a/packages/oracle_weblogic/_dev/build/build.yml b/packages/oracle_weblogic/_dev/build/build.yml index aaafc5d833b6..2bfcfc223b04 100755 --- a/packages/oracle_weblogic/_dev/build/build.yml +++ b/packages/oracle_weblogic/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: "git@v8.11.0" diff --git a/packages/oracle_weblogic/_dev/build/docs/README.md b/packages/oracle_weblogic/_dev/build/docs/README.md index f000dae45f83..e18bf219626f 100644 --- a/packages/oracle_weblogic/_dev/build/docs/README.md +++ b/packages/oracle_weblogic/_dev/build/docs/README.md 
@@ -47,6 +47,10 @@ The `access` data stream collects Access logs form `Access.log`. {{event "access"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "access"}} ### Admin Server logs @@ -55,6 +59,10 @@ The `admin_server` data stream collects Admin Server logs from `Adminserver.log` {{event "admin_server"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "admin_server"}} ### Domain logs @@ -63,6 +71,10 @@ The `domain` data stream collects Domain logs from `Domain.log`. {{event "domain"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "domain"}} ### Managed Server Logs @@ -71,6 +83,10 @@ The `managed_server` data stream collects Managed Server logs from `Managedserve {{event "managed_server"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "managed_server"}} ## Metrics @@ -81,6 +97,10 @@ The `deployed_application` data stream collects metrics of Deployed Application. {{event "deployed_application"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "deployed_application"}} ### ThreadPool metrics 
@@ -89,4 +109,8 @@ This `threadpool` data stream collects metrics of ThreadPool. {{event "threadpool"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "threadpool"}} diff --git a/packages/oracle_weblogic/changelog.yml b/packages/oracle_weblogic/changelog.yml index a51054204661..6f2e64f5af0c 100644 --- a/packages/oracle_weblogic/changelog.yml +++ b/packages/oracle_weblogic/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "1.6.0" changes: - description: Add global filter on data_stream.dataset to improve performance. diff --git a/packages/oracle_weblogic/data_stream/access/_dev/test/pipeline/test-access.log-expected.json b/packages/oracle_weblogic/data_stream/access/_dev/test/pipeline/test-access.log-expected.json index 190ffa109e87..5a1780342d3f 100644 --- a/packages/oracle_weblogic/data_stream/access/_dev/test/pipeline/test-access.log-expected.json +++ b/packages/oracle_weblogic/data_stream/access/_dev/test/pipeline/test-access.log-expected.json @@ -3,17 +3,19 @@ { "@timestamp": "2022-03-26T18:10:05.000Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-13T11:27:51.595108679Z", + "ingested": "2024-06-17T12:35:30.050027447Z", "kind": "event", "module": "oracle_weblogic", "original": "172.17.32.1 - - [26/Mar/2022:23:40:05 +0530] \"GET /medrec/javax.faces.resource/welcome.jpg.xhtml?ln=img&con=bayland HTTP/1.1\" 200 844071 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "ip": [ 
@@ -44,17 +46,19 @@ { "@timestamp": "2022-03-26T18:10:05.000Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-13T11:27:51.595116845Z", + "ingested": "2024-06-17T12:35:30.050038021Z", "kind": "event", "module": "oracle_weblogic", "original": "172.17.32.1 - - [26/Mar/2022:23:40:05 +0530] \"GET /favicon.ico HTTP/1.1\" 404 1164 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "ip": [ @@ -85,17 +89,19 @@ { "@timestamp": "2022-03-26T18:10:39.000Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-13T11:27:51.595117970Z", + "ingested": "2024-06-17T12:35:30.050039755Z", "kind": "event", "module": "oracle_weblogic", "original": "0:0:0:0:0:0:0:1 - - [26/Mar/2022:23:40:39 +0530] \"GET /favicon.ico HTTP/1.1\" 404 1164 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "ip": [ @@ -126,17 +132,19 @@ { "@timestamp": "2022-03-26T18:13:44.000Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-13T11:27:51.595118887Z", + "ingested": "2024-06-17T12:35:30.050041221Z", "kind": "event", "module": "oracle_weblogic", "original": "172.17.32.1 - - [26/Mar/2022:23:43:44 +0530] \"GET /medrec/index.xhtml HTTP/1.1\" 200 8863 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "ip": [ @@ -167,17 +175,19 @@ { "@timestamp": "2022-03-26T18:13:45.000Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-13T11:27:51.595119762Z", + "ingested": "2024-06-17T12:35:30.050042816Z", "kind": "event", "module": "oracle_weblogic", "original": "172.17.32.1 - - [26/Mar/2022:23:43:45 +0530] \"GET /medrec/javax.faces.resource/admin.jpg.xhtml?ln=img&con=bayland HTTP/1.1\" 200 8116 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "ip": [ 
@@ -208,17 +218,19 @@ { "@timestamp": "2022-03-26T18:13:45.000Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-13T11:27:51.595120637Z", + "ingested": "2024-06-17T12:35:30.050044388Z", "kind": "event", "module": "oracle_weblogic", "original": "172.17.32.1 - - [26/Mar/2022:23:43:45 +0530] \"GET /medrec/javax.faces.resource/patient.jpg.xhtml?ln=img&con=bayland HTTP/1.1\" 200 10096 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "ip": [ @@ -249,17 +261,19 @@ { "@timestamp": "2022-03-26T18:13:45.000Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-13T11:27:51.595121429Z", + "ingested": "2024-06-17T12:35:30.050045642Z", "kind": "event", "module": "oracle_weblogic", "original": "172.17.32.1 - - [26/Mar/2022:23:43:45 +0530] \"GET /medrec/javax.faces.resource/physician.jpg.xhtml?ln=img&con=bayland HTTP/1.1\" 200 10169 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "ip": [ diff --git a/packages/oracle_weblogic/data_stream/access/elasticsearch/ingest_pipeline/default.yml b/packages/oracle_weblogic/data_stream/access/elasticsearch/ingest_pipeline/default.yml index a0187c735a04..9cec070e9ad4 100644 --- a/packages/oracle_weblogic/data_stream/access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/oracle_weblogic/data_stream/access/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.5.1 + value: 8.11.0 ignore_empty_value: true ignore_failure: true - set: @@ -23,13 +23,12 @@ processors: ignore_failure: true - set: field: event.type - value: access + value: ["access"] ignore_empty_value: true ignore_failure: true - append: field: event.category - value: - - log + value: ["network"] ignore_failure: true - rename: field: message 
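Review bot: In the last hunk of `access/elasticsearch/ingest_pipeline/default.yml`, the `append` processor now sets `event.category` to `["network"]` for WebLogic HTTP access logs, but ECS has a dedicated `web` category for web server access events, and `access` is one of its expected event types. Detection rules and dashboards that select on `event.category: web` will not see these events, so I would use `value: ["web"]`, or `value: ["web", "network"]` if the network category is wanted as well. The expected-JSON fixtures and `sample_event.json` would need regenerating to match. The admin_server fixtures later in this diff show `event.category: ["iam"]` on what look like generic server log records; that pipeline is not visible here, but the same question applies, because it would put non-identity events into IAM-scoped queries. The processor list continues outside the hunk.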
diff --git a/packages/oracle_weblogic/data_stream/access/fields/ecs.yml b/packages/oracle_weblogic/data_stream/access/fields/ecs.yml deleted file mode 100644 index 4a9639543735..000000000000 --- a/packages/oracle_weblogic/data_stream/access/fields/ecs.yml +++ /dev/null @@ -1,18 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: host.ip -- external: ecs - name: http.request.method -- external: ecs - name: http.request.referrer -- external: ecs - name: http.response.bytes -- external: ecs - name: http.response.status_code -- external: ecs - name: http.version -- external: ecs - name: log.file.path -- external: ecs - name: tags diff --git a/packages/oracle_weblogic/data_stream/access/sample_event.json b/packages/oracle_weblogic/data_stream/access/sample_event.json index 0a968f24b438..b9acfaa42f50 100644 --- a/packages/oracle_weblogic/data_stream/access/sample_event.json +++ b/packages/oracle_weblogic/data_stream/access/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-03-26T18:10:04.000Z", + "@timestamp": "2024-06-18T06:57:37.000Z", "agent": { - "ephemeral_id": "803b783e-44fb-41f8-ba17-08c31c34aae8", - "id": "d17bdd23-2a9d-4013-abe7-0652f306d69d", + "ephemeral_id": "98e5ffe5-df03-43bc-bb8e-bfb3de694ee6", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.access", 
@@ -13,53 +13,55 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "d17bdd23-2a9d-4013-abe7-0652f306d69d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "network" ], "dataset": "oracle_weblogic.access", - "ingested": "2022-04-25T06:53:32Z", + "ingested": "2024-06-18T06:58:44Z", "kind": "event", "module": "oracle_weblogic", - "original": "172.17.32.1 - - [26/Mar/2022:23:40:04 +0530] \"GET /medrec/start.xhtml HTTP/1.1\" 200 8876 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.17.32.1" + "127.0.0.1" ], "mac": [ - "02:42:ac:12:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "5.4.0-107-generic", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "http": { "request": { "method": "GET", - "referrer": "/medrec/start.xhtml" + "referrer": "/sample/index.jsp" }, "response": { - "bytes": 8876, + "bytes": 750, "status_code": 200 }, "version": "1.1" @@ -69,14 +71,14 @@ }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-access.log" + "path": "/tmp/service_logs/adminserver/logs/access.log" }, "offset": 0 }, "oracle_weblogic": { "access": { "authuser": "-", - "host_address": "172.17.32.1" + "host_address": "127.0.0.1" } }, "tags": [ diff --git a/packages/oracle_weblogic/data_stream/admin_server/_dev/test/pipeline/test-admin-server.log-expected.json b/packages/oracle_weblogic/data_stream/admin_server/_dev/test/pipeline/test-admin-server.log-expected.json index 690ce1d5b8a7..3525144a23e5 100644 
--- a/packages/oracle_weblogic/data_stream/admin_server/_dev/test/pipeline/test-admin-server.log-expected.json +++ b/packages/oracle_weblogic/data_stream/admin_server/_dev/test/pipeline/test-admin-server.log-expected.json @@ -3,17 +3,19 @@ { "@timestamp": "2022-03-24T10:29:51.636Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720178512Z", + "ingested": "2024-06-17T12:35:30.701408048Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1648117791636> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -35,17 +37,19 @@ }, { "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720186970Z", + "ingested": "2024-06-17T12:35:30.701419149Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791663> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "tags": [ "preserve_original_event" @@ -72,17 +78,19 @@ { "@timestamp": "2022-03-24T10:29:51.702Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720188929Z", + "ingested": "2024-06-17T12:35:30.701422329Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791702> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" 
@@ -105,17 +113,19 @@ { "@timestamp": "2022-03-24T10:29:51.703Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720189804Z", + "ingested": "2024-06-17T12:35:30.701423674Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791703> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -138,17 +148,19 @@ { "@timestamp": "2022-03-24T10:29:51.703Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720190637Z", + "ingested": "2024-06-17T12:35:30.701425006Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791703> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -171,17 +183,19 @@ { "@timestamp": "2022-03-24T10:29:51.704Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720191512Z", + "ingested": "2024-06-17T12:35:30.701426422Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791704> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -204,17 +218,19 @@ { "@timestamp": "2022-03-24T10:29:51.857Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720192262Z", + "ingested": "2024-06-17T12:35:30.701427891Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791857> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" 
@@ -237,17 +253,19 @@ { "@timestamp": "2022-03-24T10:29:51.857Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720193012Z", + "ingested": "2024-06-17T12:35:30.701429513Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791857> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -270,17 +288,19 @@ { "@timestamp": "2022-03-24T10:29:51.858Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720193804Z", + "ingested": "2024-06-17T12:35:30.701431072Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791858> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -303,17 +323,19 @@ { "@timestamp": "2022-03-24T10:29:51.858Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720194554Z", + "ingested": "2024-06-17T12:35:30.701432611Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791858> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -336,17 +358,19 @@ { "@timestamp": "2022-03-24T10:29:51.860Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720195429Z", + "ingested": "2024-06-17T12:35:30.701434291Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791860> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" 
@@ -369,17 +393,19 @@ { "@timestamp": "2022-03-24T10:29:51.861Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720196220Z", + "ingested": "2024-06-17T12:35:30.701435776Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791861> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -402,17 +428,19 @@ { "@timestamp": "2022-03-24T10:29:51.864Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720200387Z", + "ingested": "2024-06-17T12:35:30.701437732Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791864> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" @@ -435,17 +463,19 @@ { "@timestamp": "2022-03-24T10:29:51.865Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.720201970Z", + "ingested": "2024-06-17T12:35:30.701439176Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <> <> <1648117791865> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "admin" + "type": [ + "admin" + ] }, "log": { "level": "Info" diff --git a/packages/oracle_weblogic/data_stream/admin_server/elasticsearch/ingest_pipeline/default.yml b/packages/oracle_weblogic/data_stream/admin_server/elasticsearch/ingest_pipeline/default.yml index 9b1453818c16..54806cc6a333 100644 --- a/packages/oracle_weblogic/data_stream/admin_server/elasticsearch/ingest_pipeline/default.yml +++ b/packages/oracle_weblogic/data_stream/admin_server/elasticsearch/ingest_pipeline/default.yml 
@@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.5.1 + value: 8.11.0 ignore_empty_value: true ignore_failure: true - set: @@ -23,13 +23,12 @@ processors: ignore_failure: true - set: field: event.type - value: admin + value: ["admin"] ignore_empty_value: true ignore_failure: true - append: field: event.category - value: - - log + value: ["iam"] ignore_failure: true - rename: field: message diff --git a/packages/oracle_weblogic/data_stream/admin_server/fields/base-fields.yml b/packages/oracle_weblogic/data_stream/admin_server/fields/base-fields.yml index 1521a0239e8a..e36d466bdd13 100644 --- a/packages/oracle_weblogic/data_stream/admin_server/fields/base-fields.yml +++ b/packages/oracle_weblogic/data_stream/admin_server/fields/base-fields.yml @@ -7,8 +7,6 @@ - name: data_stream.type type: constant_keyword description: Data stream type. -- name: message - external: ecs - name: '@timestamp' type: date description: Event timestamp. diff --git a/packages/oracle_weblogic/data_stream/admin_server/fields/ecs.yml b/packages/oracle_weblogic/data_stream/admin_server/fields/ecs.yml deleted file mode 100644 index 40e7af826db4..000000000000 --- a/packages/oracle_weblogic/data_stream/admin_server/fields/ecs.yml +++ /dev/null @@ -1,14 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: host.ip -- external: ecs - name: log.file.path -- external: ecs - name: log.level -- external: ecs - name: tags -- external: ecs - name: transaction.id -- external: ecs - name: user.id diff --git a/packages/oracle_weblogic/data_stream/admin_server/sample_event.json b/packages/oracle_weblogic/data_stream/admin_server/sample_event.json index 7614303f4da5..a974304a6375 100644 --- a/packages/oracle_weblogic/data_stream/admin_server/sample_event.json +++ b/packages/oracle_weblogic/data_stream/admin_server/sample_event.json 
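Review bot: The `append` to `event.category` in the second hunk now stamps every admin-server record with `iam` unconditionally, and the domain and managed_server pipelines later in this diff do the same with `network` and `iam`. The regenerated sample events show the effect: the admin_server sample about disabling the CryptoJ self-integrity check is categorised `iam`, and the domain sample "Security pre-initializing using security realm: myrealm" is categorised `network`, so detections and dashboards that filter on `event.category` will match records that are not identity or network events. ECS allows the field to stay empty when no category fits, so I would either drop the static append or move it after the subsystem is parsed and gate it, for example `if: ctx.oracle_weblogic?.admin_server?.subsystem == 'Security'` (the subsystem-to-category mapping needs confirming against real logs). The processors list continues outside this hunk, so a condition elsewhere may already narrow this.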
@@ -1,11 +1,11 @@ { - "@timestamp": "2022-03-24T10:29:51.865Z", + "@timestamp": "2024-06-18T06:59:47.388Z", "agent": { - "ephemeral_id": "1e785926-cb16-442e-9599-91e10ef5228d", - "id": "2c65d5b2-0806-4fb1-96c2-b9852c73afd0", + "ephemeral_id": "eb27a024-3ff2-4d79-a4c1-86ffd80db450", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.admin_server", @@ -13,44 +13,46 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "2c65d5b2-0806-4fb1-96c2-b9852c73afd0", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "iam" ], "dataset": "oracle_weblogic.admin_server", - "ingested": "2022-05-09T11:20:10Z", + "ingested": "2024-06-18T07:01:48Z", "kind": "event", "module": "oracle_weblogic", - "original": "####\u003cMar 24, 2022 10:29:51,865 AM GMT\u003e \u003cInfo\u003e \u003cServer\u003e \u003cwlsadmin\u003e \u003c\u003e \u003cThread-11\u003e \u003c\u003e \u003c\u003e \u003c\u003e \u003c1648117791865\u003e \u003c[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] \u003e \u003cBEA-002622\u003e \u003cThe protocol \"admin\" is now configured.\u003e ", - "type": "admin" + "type": [ + "admin" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.19.0.6" + "192.168.245.7" ], "mac": [ - "02:42:ac:13:00:06" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "input": { 
@@ -58,20 +60,20 @@ }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-adminserver.log" + "path": "/tmp/service_logs/adminserver/logs/admin-server.log" }, "level": "Info", "offset": 0 }, - "message": "The protocol \"admin\" is now configured.", + "message": "Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.", "oracle_weblogic": { "admin_server": { - "diagnostic_context_id": "1648117791865", + "diagnostic_context_id": "1718693987388", "machine_name": "wlsadmin", - "message_id": "BEA-002622", + "message_id": "BEA-090905", "meta": "[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] ", - "subsystem": "Server", - "thread_id": "Thread-11" + "subsystem": "Security", + "thread_id": "main" } }, "tags": [ diff --git a/packages/oracle_weblogic/data_stream/deployed_application/elasticsearch/ingest_pipeline/default.yml b/packages/oracle_weblogic/data_stream/deployed_application/elasticsearch/ingest_pipeline/default.yml index 7726aff20650..8b17d3eeb4f8 100644 --- a/packages/oracle_weblogic/data_stream/deployed_application/elasticsearch/ingest_pipeline/default.yml +++ b/packages/oracle_weblogic/data_stream/deployed_application/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Oracle WebLogic Deployed Application metrics. processors: - set: field: ecs.version - value: "8.5.1" + value: "8.11.0" ignore_failure: true - rename: field: message diff --git a/packages/oracle_weblogic/data_stream/deployed_application/fields/ecs.yml b/packages/oracle_weblogic/data_stream/deployed_application/fields/ecs.yml index ffe6c5710530..4c46290bbed8 100644 --- a/packages/oracle_weblogic/data_stream/deployed_application/fields/ecs.yml +++ b/packages/oracle_weblogic/data_stream/deployed_application/fields/ecs.yml 
@@ -19,33 +19,9 @@ - external: ecs name: container.id dimension: true -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.category -- external: ecs - name: event.created -- external: ecs - name: event.dataset -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: event.outcome -- external: ecs - name: event.type -- external: ecs - name: host.ip - external: ecs name: host.name dimension: true - external: ecs name: service.address dimension: true -- external: ecs - name: service.type -- external: ecs - name: tags diff --git a/packages/oracle_weblogic/data_stream/deployed_application/sample_event.json b/packages/oracle_weblogic/data_stream/deployed_application/sample_event.json index 848b46d83874..99579b01fb08 100644 --- a/packages/oracle_weblogic/data_stream/deployed_application/sample_event.json +++ b/packages/oracle_weblogic/data_stream/deployed_application/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-06-01T06:06:16.679Z", + "@timestamp": "2024-06-18T07:03:43.008Z", "agent": { - "ephemeral_id": "9b5302d4-4654-485a-8708-b8c971d7ebd6", - "id": "f5ae4eeb-820b-4f24-a94a-df327091d185", + "ephemeral_id": "dc9d4e03-d8bf-428d-b21a-630a38824bcc", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.deployed_application", @@ -13,12 +13,12 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "f5ae4eeb-820b-4f24-a94a-df327091d185", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", 
@@ -26,8 +26,8 @@ "web" ], "dataset": "oracle_weblogic.deployed_application", - "duration": 27026922, - "ingested": "2022-06-01T06:06:20Z", + "duration": 1954627464, + "ingested": "2024-06-18T07:03:54Z", "kind": "metric", "module": "oracle_weblogic", "type": [ @@ -38,21 +38,22 @@ "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.31.0.7" + "192.168.245.7" ], "mac": [ - "02:42:ac:1f:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -76,12 +77,12 @@ } }, "single_threaded_servlet_pool_size": 5, - "source_info": "weblogic.war", + "source_info": "bea_wls_deployment_internal.war", "status": "DEPLOYED" } }, "service": { - "address": "http://elastic-package-service_wlsadmin_1:8005/jolokia", + "address": "http://elastic-package-service-wlsadmin-1:8005/jolokia", "type": "jolokia" }, "tags": [ diff --git a/packages/oracle_weblogic/data_stream/domain/_dev/test/pipeline/test-domain.log-expected.json b/packages/oracle_weblogic/data_stream/domain/_dev/test/pipeline/test-domain.log-expected.json index 5627583dbe43..fcfe897dc797 100644 --- a/packages/oracle_weblogic/data_stream/domain/_dev/test/pipeline/test-domain.log-expected.json +++ b/packages/oracle_weblogic/data_stream/domain/_dev/test/pipeline/test-domain.log-expected.json 
@@ -3,17 +3,19 @@ { "@timestamp": "2022-03-24T10:30:29.249Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119684885Z", + "ingested": "2024-06-17T12:35:31.355855498Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <1648117829249> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -40,17 +42,19 @@ { "@timestamp": "2022-03-24T10:30:29.296Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119693760Z", + "ingested": "2024-06-17T12:35:31.355869864Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <1648117829296> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -77,17 +81,19 @@ { "@timestamp": "2022-03-24T10:30:29.297Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119694760Z", + "ingested": "2024-06-17T12:35:31.355871711Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <1648117829297> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" 
@@ -114,17 +120,19 @@ { "@timestamp": "2022-03-24T10:30:29.301Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119695718Z", + "ingested": "2024-06-17T12:35:31.355873207Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <1648117829301> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -151,17 +159,19 @@ { "@timestamp": "2022-03-24T10:30:29.301Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119696468Z", + "ingested": "2024-06-17T12:35:31.355874644Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <1648117829301> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -188,17 +198,19 @@ { "@timestamp": "2022-03-24T10:30:29.302Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119697218Z", + "ingested": "2024-06-17T12:35:31.355876536Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <1648117829302> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" 
@@ -225,17 +237,19 @@ { "@timestamp": "2022-03-24T10:30:29.395Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119697968Z", + "ingested": "2024-06-17T12:35:31.355877887Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <[STANDBY] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <1648117829395> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -262,17 +276,19 @@ { "@timestamp": "2022-03-24T10:30:29.465Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119698718Z", + "ingested": "2024-06-17T12:35:31.355879385Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <[STANDBY] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <1648117829465> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -299,17 +315,19 @@ { "@timestamp": "2022-03-24T10:30:27.263Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119699426Z", + "ingested": "2024-06-17T12:35:31.355880890Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <38f025ff-7924-471b-bac8-a419692aabf9-00000018> <1648117827263> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Warning" 
@@ -336,17 +354,19 @@ { "@timestamp": "2022-03-24T10:30:29.193Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119700176Z", + "ingested": "2024-06-17T12:35:31.355882333Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <38f025ff-7924-471b-bac8-a419692aabf9-0000001b> <1648117829193> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -373,17 +393,19 @@ { "@timestamp": "2022-03-24T10:30:29.194Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119700885Z", + "ingested": "2024-06-17T12:35:31.355883828Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <38f025ff-7924-471b-bac8-a419692aabf9-0000001b> <1648117829194> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -410,17 +432,19 @@ { "@timestamp": "2022-03-24T10:30:29.707Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119701926Z", + "ingested": "2024-06-17T12:35:31.355885513Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <38f025ff-7924-471b-bac8-a419692aabf9-0000001b> <1648117829707> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" 
@@ -447,17 +471,19 @@ { "@timestamp": "2022-03-24T10:30:29.707Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119702676Z", + "ingested": "2024-06-17T12:35:31.355886878Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <38f025ff-7924-471b-bac8-a419692aabf9-0000001b> <1648117829707> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -484,17 +510,19 @@ { "@timestamp": "2022-03-24T10:30:29.709Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119703385Z", + "ingested": "2024-06-17T12:35:31.355888214Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <> <> <38f025ff-7924-471b-bac8-a419692aabf9-0000001b> <1648117829709> <[severity-value: 32] [rid: 0:6] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -521,17 +549,19 @@ { "@timestamp": "2022-03-24T10:30:29.710Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "network" ], - "ingested": "2023-10-18T10:26:25.119704135Z", + "ingested": "2024-06-17T12:35:31.355889580Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <38f025ff-7924-471b-bac8-a419692aabf9-0000001b> <1648117829710> <[severity-value: 32] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" 
diff --git a/packages/oracle_weblogic/data_stream/domain/elasticsearch/ingest_pipeline/default.yml b/packages/oracle_weblogic/data_stream/domain/elasticsearch/ingest_pipeline/default.yml index 006fafafc44a..fb2418cedea0 100644 --- a/packages/oracle_weblogic/data_stream/domain/elasticsearch/ingest_pipeline/default.yml +++ b/packages/oracle_weblogic/data_stream/domain/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.5.1 + value: 8.11.0 ignore_empty_value: true ignore_failure: true - set: @@ -23,13 +23,12 @@ processors: ignore_failure: true - set: field: event.type - value: info + value: ["info"] ignore_empty_value: true ignore_failure: true - append: field: event.category - value: - - log + value: ["network"] ignore_failure: true - rename: field: message diff --git a/packages/oracle_weblogic/data_stream/domain/fields/base-fields.yml b/packages/oracle_weblogic/data_stream/domain/fields/base-fields.yml index 1521a0239e8a..e36d466bdd13 100644 --- a/packages/oracle_weblogic/data_stream/domain/fields/base-fields.yml +++ b/packages/oracle_weblogic/data_stream/domain/fields/base-fields.yml @@ -7,8 +7,6 @@ - name: data_stream.type type: constant_keyword description: Data stream type. -- name: message - external: ecs - name: '@timestamp' type: date description: Event timestamp. diff --git a/packages/oracle_weblogic/data_stream/domain/fields/ecs.yml b/packages/oracle_weblogic/data_stream/domain/fields/ecs.yml deleted file mode 100644 index 40e7af826db4..000000000000 --- a/packages/oracle_weblogic/data_stream/domain/fields/ecs.yml +++ /dev/null @@ -1,14 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: host.ip -- external: ecs - name: log.file.path -- external: ecs - name: log.level -- external: ecs - name: tags -- external: ecs - name: transaction.id -- external: ecs - name: user.id 
diff --git a/packages/oracle_weblogic/data_stream/domain/sample_event.json b/packages/oracle_weblogic/data_stream/domain/sample_event.json index fc090c7e4dd6..550df0591840 100644 --- a/packages/oracle_weblogic/data_stream/domain/sample_event.json +++ b/packages/oracle_weblogic/data_stream/domain/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-03-24T10:30:27.263Z", + "@timestamp": "2024-06-18T07:04:50.877Z", "agent": { - "ephemeral_id": "98841608-fe35-4844-b829-880c24a1cef7", - "id": "2f35c5e6-c16d-4b67-a955-b81668aca1aa", + "ephemeral_id": "8593b7b5-07f0-4ec3-bdc4-06ff40098f2e", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.domain", 
@@ -13,44 +13,46 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "2f35c5e6-c16d-4b67-a955-b81668aca1aa", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "network" ], "dataset": "oracle_weblogic.domain", - "ingested": "2022-05-09T12:29:51Z", + "ingested": "2024-06-18T07:07:06Z", "kind": "event", "module": "oracle_weblogic", - "original": "####\u003cMar 24, 2022 10:30:27,263 AM GMT\u003e \u003cWarning\u003e \u003cSocket\u003e \u003cwlsadmin\u003e \u003cAdminServer\u003e \u003c[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'\u003e \u003c\u003cWLS Kernel\u003e\u003e \u003c\u003e \u003c38f025ff-7924-471b-bac8-a419692aabf9-00000018\u003e \u003c1648117827263\u003e \u003c[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] \u003e \u003cBEA-000449\u003e \u003cClosing the socket, as no data read from it on 172.18.0.1:41,972 during the configured idle timeout of 5 seconds.\u003e ", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.25.0.7" + "192.168.245.7" ], "mac": [ - "02:42:ac:19:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "input": { 
@@ -58,27 +60,24 @@ }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-domain.log" + "path": "/tmp/service_logs/adminserver/domain1.log" }, - "level": "Warning", - "offset": 2823 + "level": "Notice", + "offset": 0 }, - "message": "Closing the socket, as no data read from it on 172.18.0.1:41,972 during the configured idle timeout of 5 seconds.", + "message": "Security pre-initializing using security realm: myrealm", "oracle_weblogic": { "domain": { - "diagnostic_context_id": "1648117827263", + "diagnostic_context_id": "1718694290877", "machine_name": "wlsadmin", - "message_id": "BEA-000449", - "meta": "[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] ", - "server_name": "AdminServer", - "subsystem": "Socket", - "thread_id": "[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'" + "message_id": "BEA-090946", + "meta": "[severity-value: 32] [partition-id: 0] [partition-name: DOMAIN] ", + "server_name": "admin-server", + "subsystem": "Security", + "thread_id": "[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'" } }, "tags": [ "oracle_weblogic-domain" - ], - "transaction": { - "id": "38f025ff-7924-471b-bac8-a419692aabf9-00000018" - } + ] } \ No newline at end of file diff --git a/packages/oracle_weblogic/data_stream/managed_server/_dev/test/pipeline/test-managed-server.log-expected.json b/packages/oracle_weblogic/data_stream/managed_server/_dev/test/pipeline/test-managed-server.log-expected.json index fc52a8bfda72..46ed1586bd7a 100644 --- a/packages/oracle_weblogic/data_stream/managed_server/_dev/test/pipeline/test-managed-server.log-expected.json +++ b/packages/oracle_weblogic/data_stream/managed_server/_dev/test/pipeline/test-managed-server.log-expected.json 
@@ -3,17 +3,19 @@ { "@timestamp": "2022-03-24T10:29:56.637Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947553720Z", + "ingested": "2024-06-17T12:35:32.025101260Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117796637> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" @@ -36,17 +38,19 @@ { "@timestamp": "2022-03-24T10:30:01.642Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947561970Z", + "ingested": "2024-06-17T12:35:32.025111722Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117801642> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" @@ -69,17 +73,19 @@ { "@timestamp": "2022-03-24T10:30:06.843Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947563179Z", + "ingested": "2024-06-17T12:35:32.025119713Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117806843> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" 
@@ -102,17 +108,19 @@ { "@timestamp": "2022-03-24T10:30:07.114Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947564012Z", + "ingested": "2024-06-17T12:35:32.025120829Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117807114> <[severity-value: 32] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Notice" @@ -135,17 +143,19 @@ { "@timestamp": "2022-03-24T10:30:07.151Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947564929Z", + "ingested": "2024-06-17T12:35:32.025121822Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117807151> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" @@ -168,17 +178,19 @@ { "@timestamp": "2022-03-24T10:30:07.183Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947565720Z", + "ingested": "2024-06-17T12:35:32.025122813Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1648117807183> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" 
@@ -201,17 +213,19 @@ { "@timestamp": "2022-03-24T10:30:07.206Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947566554Z", + "ingested": "2024-06-17T12:35:32.025123795Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117807206> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" @@ -234,17 +248,19 @@ { "@timestamp": "2022-03-24T10:30:07.234Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947567304Z", + "ingested": "2024-06-17T12:35:32.025124789Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117807234> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" @@ -267,17 +283,19 @@ { "@timestamp": "2022-03-24T10:30:07.237Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ - "log" + "iam" ], - "ingested": "2023-10-13T11:27:51.947568137Z", + "ingested": "2024-06-17T12:35:32.025125858Z", "kind": "event", "module": "oracle_weblogic", "original": "#### <5565e043d1b0> <> <> <> <> <1648117807237> <[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] > ", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "Info" diff --git a/packages/oracle_weblogic/data_stream/managed_server/elasticsearch/ingest_pipeline/default.yml b/packages/oracle_weblogic/data_stream/managed_server/elasticsearch/ingest_pipeline/default.yml index 1dd9fe83ab6d..b887e866b884 100644 --- a/packages/oracle_weblogic/data_stream/managed_server/elasticsearch/ingest_pipeline/default.yml +++ b/packages/oracle_weblogic/data_stream/managed_server/elasticsearch/ingest_pipeline/default.yml 
@@ -8,7 +8,7 @@ processors: ignore_failure: true - set: field: ecs.version - value: 8.5.1 + value: 8.11.0 ignore_empty_value: true ignore_failure: true - set: @@ -23,13 +23,12 @@ processors: ignore_failure: true - set: field: event.type - value: info + value: ["info"] ignore_empty_value: true ignore_failure: true - append: field: event.category - value: - - log + value: ["iam"] ignore_failure: true - rename: field: message diff --git a/packages/oracle_weblogic/data_stream/managed_server/fields/base-fields.yml b/packages/oracle_weblogic/data_stream/managed_server/fields/base-fields.yml index 1521a0239e8a..e36d466bdd13 100644 --- a/packages/oracle_weblogic/data_stream/managed_server/fields/base-fields.yml +++ b/packages/oracle_weblogic/data_stream/managed_server/fields/base-fields.yml @@ -7,8 +7,6 @@ - name: data_stream.type type: constant_keyword description: Data stream type. -- name: message - external: ecs - name: '@timestamp' type: date description: Event timestamp. diff --git a/packages/oracle_weblogic/data_stream/managed_server/fields/ecs.yml b/packages/oracle_weblogic/data_stream/managed_server/fields/ecs.yml deleted file mode 100644 index 40e7af826db4..000000000000 --- a/packages/oracle_weblogic/data_stream/managed_server/fields/ecs.yml +++ /dev/null @@ -1,14 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: host.ip -- external: ecs - name: log.file.path -- external: ecs - name: log.level -- external: ecs - name: tags -- external: ecs - name: transaction.id -- external: ecs - name: user.id diff --git a/packages/oracle_weblogic/data_stream/managed_server/sample_event.json b/packages/oracle_weblogic/data_stream/managed_server/sample_event.json index 58d404ef4b33..9402209aad27 100644 --- a/packages/oracle_weblogic/data_stream/managed_server/sample_event.json +++ b/packages/oracle_weblogic/data_stream/managed_server/sample_event.json 
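Review bot: The `append` processor in the `@@ -23,13 +23,12 @@` hunk now stamps every managed-server event with `event.category: iam`, unconditionally, while the sample events in this commit are ordinary server messages (a JCE provider start-up notice, a retry connecting to the Administration Server) rather than identity or access-management activity. In ECS, `iam` describes user, group and account management, so detection rules and dashboards that filter on `event.category: iam` would pick up general WebLogic logging as noise and dilute real IAM signals. Consider a category that matches the source, for example `value: ["web"]` as the threadpool sample event in this package uses, or drop the `append` and add `iam` only under an `if:` condition that identifies genuine identity events. The same value appears in the pipeline test expectations and README samples elsewhere in the diff, so those would need regenerating. The processor list continues outside the hunk, so whether a later processor overrides the category cannot be seen from here.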
@@ -1,11 +1,11 @@ { - "@timestamp": "2022-03-24T10:29:56.637Z", + "@timestamp": "2024-06-18T07:08:39.933Z", "agent": { - "ephemeral_id": "fc2f1df6-97a1-42bf-9f6b-904a765041e3", - "id": "e27eb192-b14d-4af1-8861-fd7cbadb3643", + "ephemeral_id": "8852cf23-5f53-4fcc-aed6-75d584b4e479", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.managed_server", 
@@ -13,44 +13,46 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "e27eb192-b14d-4af1-8861-fd7cbadb3643", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "iam" ], "dataset": "oracle_weblogic.managed_server", - "ingested": "2022-05-09T11:59:45Z", + "ingested": "2024-06-18T07:09:56Z", "kind": "event", "module": "oracle_weblogic", - "original": "####\u003cMar 24, 2022 10:29:56,637 AM GMT\u003e \u003cInfo\u003e \u003cManagement\u003e \u003c5565e043d1b0\u003e \u003c\u003e \u003cThread-12\u003e \u003c\u003e \u003c\u003e \u003c\u003e \u003c1648117796637\u003e \u003c[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] \u003e \u003cBEA-141307\u003e \u003cUnable to connect to the Administration Server. Waiting 5 second(s) to retry (attempt number 2 of 3).\u003e ", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.21.0.7" + "192.168.245.7" ], "mac": [ - "02:42:ac:15:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "input": { 
@@ -58,20 +60,20 @@ }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-managedserver.log" + "path": "/tmp/service_logs/managedserver/managed-server1.log" }, "level": "Info", "offset": 0 }, - "message": "Unable to connect to the Administration Server. Waiting 5 second(s) to retry (attempt number 2 of 3).", + "message": "Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.", "oracle_weblogic": { "managed_server": { - "diagnostic_context_id": "1648117796637", - "machine_name": "5565e043d1b0", - "message_id": "BEA-141307", + "diagnostic_context_id": "1718694519933", + "machine_name": "a22d5129529e", + "message_id": "BEA-090905", "meta": "[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] ", - "subsystem": "Management", - "thread_id": "Thread-12" + "subsystem": "Security", + "thread_id": "main" } }, "tags": [ diff --git a/packages/oracle_weblogic/data_stream/threadpool/elasticsearch/ingest_pipeline/default.yml b/packages/oracle_weblogic/data_stream/threadpool/elasticsearch/ingest_pipeline/default.yml index 25724e88665c..7653a2717f88 100644 --- a/packages/oracle_weblogic/data_stream/threadpool/elasticsearch/ingest_pipeline/default.yml +++ b/packages/oracle_weblogic/data_stream/threadpool/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Oracle WebLogic ThreadPool metrics. processors: - set: field: ecs.version - value: "8.5.1" + value: "8.11.0" ignore_failure: true - rename: field: message diff --git a/packages/oracle_weblogic/data_stream/threadpool/fields/ecs.yml b/packages/oracle_weblogic/data_stream/threadpool/fields/ecs.yml index ffe6c5710530..4c46290bbed8 100644 --- a/packages/oracle_weblogic/data_stream/threadpool/fields/ecs.yml +++ b/packages/oracle_weblogic/data_stream/threadpool/fields/ecs.yml 
@@ -19,33 +19,9 @@ - external: ecs name: container.id dimension: true -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.category -- external: ecs - name: event.created -- external: ecs - name: event.dataset -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: event.outcome -- external: ecs - name: event.type -- external: ecs - name: host.ip - external: ecs name: host.name dimension: true - external: ecs name: service.address dimension: true -- external: ecs - name: service.type -- external: ecs - name: tags diff --git a/packages/oracle_weblogic/data_stream/threadpool/sample_event.json b/packages/oracle_weblogic/data_stream/threadpool/sample_event.json index 78da57aabb36..7d45c4c1b57d 100644 --- a/packages/oracle_weblogic/data_stream/threadpool/sample_event.json +++ b/packages/oracle_weblogic/data_stream/threadpool/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2023-08-23T11:54:38.053Z", + "@timestamp": "2024-06-18T07:12:00.351Z", "agent": { - "ephemeral_id": "4a2754ea-5dba-4b59-8d77-c0f70bfccae3", - "id": "89fbf5a1-dedd-4f8f-a1ee-97a7e3ec1ed2", + "ephemeral_id": "837f7bab-f401-4069-a15b-31ad7f230beb", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.4.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.threadpool", @@ -13,12 +13,12 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "89fbf5a1-dedd-4f8f-a1ee-97a7e3ec1ed2", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.4.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", 
@@ -26,8 +26,8 @@ "web" ], "dataset": "oracle_weblogic.threadpool", - "duration": 55017871, - "ingested": "2023-08-23T11:54:39Z", + "duration": 448877395, + "ingested": "2024-06-18T07:12:12Z", "kind": "metric", "module": "oracle_weblogic", "type": [ @@ -38,18 +38,18 @@ "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "e8978f2086c14e13b7a0af9ed0011d19", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.29.0.9" + "192.168.245.7" ], "mac": [ - "02-42-AC-1D-00-09" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", @@ -62,36 +62,15 @@ }, "oracle_weblogic": { "threadpool": { - "mbean": "com.bea:ServerRuntime=admin-server,Name=ThreadPoolRuntime,Type=ThreadPoolRuntime", - "queue": { - "length": 0 - }, - "requests": { - "completed": 1466, - "overload": { - "rejected": 0 - }, - "pending": 0 - }, + "mbean": "java.lang:type=Threading", "threads": { - "execute": { - "idle": 1, - "total": 15 - }, - "hogging": 0, - "standby": 14, - "stuck": 0 - }, - "throughput": 91.5, - "work_manager": { - "capacity": { - "shared": 65536 - } + "daemon": 39, + "total": 42 } } }, "service": { - "address": "http://elastic-package-service_wlsadmin_1:8005/jolokia", + "address": "http://elastic-package-service-wlsadmin-1:8005/jolokia", "type": "jolokia" }, "tags": [ diff --git a/packages/oracle_weblogic/docs/README.md b/packages/oracle_weblogic/docs/README.md index 014612aa308e..b7667891b365 100644 --- a/packages/oracle_weblogic/docs/README.md +++ b/packages/oracle_weblogic/docs/README.md 
@@ -49,13 +49,13 @@ An example event for `access` looks as following: ```json { - "@timestamp": "2022-03-26T18:10:04.000Z", + "@timestamp": "2024-06-18T06:57:37.000Z", "agent": { - "ephemeral_id": "803b783e-44fb-41f8-ba17-08c31c34aae8", - "id": "d17bdd23-2a9d-4013-abe7-0652f306d69d", + "ephemeral_id": "98e5ffe5-df03-43bc-bb8e-bfb3de694ee6", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.access", @@ -63,53 +63,55 @@ An example event for `access` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "d17bdd23-2a9d-4013-abe7-0652f306d69d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "network" ], "dataset": "oracle_weblogic.access", - "ingested": "2022-04-25T06:53:32Z", + "ingested": "2024-06-18T06:58:44Z", "kind": "event", "module": "oracle_weblogic", - "original": "172.17.32.1 - - [26/Mar/2022:23:40:04 +0530] \"GET /medrec/start.xhtml HTTP/1.1\" 200 8876 ", - "type": "access" + "type": [ + "access" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.17.32.1" + "127.0.0.1" ], "mac": [ - "02:42:ac:12:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "5.4.0-107-generic", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "http": { "request": { "method": "GET", - "referrer": "/medrec/start.xhtml" + "referrer": "/sample/index.jsp" }, "response": { - "bytes": 8876, + "bytes": 750, "status_code": 200 }, "version": "1.1" 
@@ -119,14 +121,14 @@ An example event for `access` looks as following: }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-access.log" + "path": "/tmp/service_logs/adminserver/logs/access.log" }, "offset": 0 }, "oracle_weblogic": { "access": { "authuser": "-", - "host_address": "172.17.32.1" + "host_address": "127.0.0.1" } }, "tags": [ @@ -135,6 +137,10 @@ An example event for `access` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -143,20 +149,11 @@ An example event for `access` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| host.ip | Host ip addresses. | ip | -| http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | -| http.request.referrer | Referrer for this HTTP request. | keyword | -| http.response.bytes | Total size in bytes of the response (body and headers). | long | -| http.response.status_code | HTTP response status code. | long | -| http.version | HTTP version. | keyword | | input.type | Input type. | keyword | -| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.flags | Flags for the log file. | keyword | | log.offset | Log offset. | long | | oracle_weblogic.access.authuser | The User identity allowing them access to an online service, connected device, or other resource. | keyword | | oracle_weblogic.access.host_address | The physical address of a computer in a network. | keyword | -| tags | List of keywords used to tag each event. | keyword | ### Admin Server logs 
@@ -167,13 +164,13 @@ An example event for `admin_server` looks as following: ```json { - "@timestamp": "2022-03-24T10:29:51.865Z", + "@timestamp": "2024-06-18T06:59:47.388Z", "agent": { - "ephemeral_id": "1e785926-cb16-442e-9599-91e10ef5228d", - "id": "2c65d5b2-0806-4fb1-96c2-b9852c73afd0", + "ephemeral_id": "eb27a024-3ff2-4d79-a4c1-86ffd80db450", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.admin_server", 
@@ -181,44 +178,46 @@ An example event for `admin_server` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "2c65d5b2-0806-4fb1-96c2-b9852c73afd0", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "iam" ], "dataset": "oracle_weblogic.admin_server", - "ingested": "2022-05-09T11:20:10Z", + "ingested": "2024-06-18T07:01:48Z", "kind": "event", "module": "oracle_weblogic", - "original": "####\u003cMar 24, 2022 10:29:51,865 AM GMT\u003e \u003cInfo\u003e \u003cServer\u003e \u003cwlsadmin\u003e \u003c\u003e \u003cThread-11\u003e \u003c\u003e \u003c\u003e \u003c\u003e \u003c1648117791865\u003e \u003c[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] \u003e \u003cBEA-002622\u003e \u003cThe protocol \"admin\" is now configured.\u003e ", - "type": "admin" + "type": [ + "admin" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.19.0.6" + "192.168.245.7" ], "mac": [ - "02:42:ac:13:00:06" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "input": { 
@@ -226,20 +225,20 @@ An example event for `admin_server` looks as following: }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-adminserver.log" + "path": "/tmp/service_logs/adminserver/logs/admin-server.log" }, "level": "Info", "offset": 0 }, - "message": "The protocol \"admin\" is now configured.", + "message": "Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.", "oracle_weblogic": { "admin_server": { - "diagnostic_context_id": "1648117791865", + "diagnostic_context_id": "1718693987388", "machine_name": "wlsadmin", - "message_id": "BEA-002622", + "message_id": "BEA-090905", "meta": "[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] ", - "subsystem": "Server", - "thread_id": "Thread-11" + "subsystem": "Security", + "thread_id": "main" } }, "tags": [ @@ -248,6 +247,10 @@ An example event for `admin_server` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -256,14 +259,9 @@ An example event for `admin_server` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| host.ip | Host ip addresses. | ip | | input.type | Input type. | keyword | -| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.flags | Flags for the log file. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Log offset. | long | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | oracle_weblogic.admin_server.diagnostic_context_id | Context information to correlate messages coming from a specific request or application. | keyword | | oracle_weblogic.admin_server.machine_name | Machine Name is the DNS name of the computer that hosts the server instance. 
| keyword | | oracle_weblogic.admin_server.message_id | A unique identifier for the message. | keyword | @@ -271,9 +269,6 @@ An example event for `admin_server` looks as following: | oracle_weblogic.admin_server.server_name | Server Name is the name of the WebLogic Server instance on which the message was generated. | keyword | | oracle_weblogic.admin_server.subsystem | Indicates the subsystem of WebLogic Server that was the source of the message; for example, Enterprise Java Bean (EJB) container or Java Messaging Service (JMS). | keyword | | oracle_weblogic.admin_server.thread_id | Thread ID is the ID that the JVM assigns to the thread in which the message originated. | keyword | -| tags | List of keywords used to tag each event. | keyword | -| transaction.id | Unique identifier of the transaction within the scope of its trace. A transaction is the highest level of work measured within a service, such as a request to a server. | keyword | -| user.id | Unique identifier of the user. | keyword | ### Domain logs @@ -284,13 +279,13 @@ An example event for `domain` looks as following: ```json { - "@timestamp": "2022-03-24T10:30:27.263Z", + "@timestamp": "2024-06-18T07:04:50.877Z", "agent": { - "ephemeral_id": "98841608-fe35-4844-b829-880c24a1cef7", - "id": "2f35c5e6-c16d-4b67-a955-b81668aca1aa", + "ephemeral_id": "8593b7b5-07f0-4ec3-bdc4-06ff40098f2e", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.domain", 
@@ -298,44 +293,46 @@ An example event for `domain` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "2f35c5e6-c16d-4b67-a955-b81668aca1aa", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "network" ], "dataset": "oracle_weblogic.domain", - "ingested": "2022-05-09T12:29:51Z", + "ingested": "2024-06-18T07:07:06Z", "kind": "event", "module": "oracle_weblogic", - "original": "####\u003cMar 24, 2022 10:30:27,263 AM GMT\u003e \u003cWarning\u003e \u003cSocket\u003e \u003cwlsadmin\u003e \u003cAdminServer\u003e \u003c[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'\u003e \u003c\u003cWLS Kernel\u003e\u003e \u003c\u003e \u003c38f025ff-7924-471b-bac8-a419692aabf9-00000018\u003e \u003c1648117827263\u003e \u003c[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] \u003e \u003cBEA-000449\u003e \u003cClosing the socket, as no data read from it on 172.18.0.1:41,972 during the configured idle timeout of 5 seconds.\u003e ", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.25.0.7" + "192.168.245.7" ], "mac": [ - "02:42:ac:19:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "input": { 
@@ -343,32 +340,33 @@ An example event for `domain` looks as following: }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-domain.log" + "path": "/tmp/service_logs/adminserver/domain1.log" }, - "level": "Warning", - "offset": 2823 + "level": "Notice", + "offset": 0 }, - "message": "Closing the socket, as no data read from it on 172.18.0.1:41,972 during the configured idle timeout of 5 seconds.", + "message": "Security pre-initializing using security realm: myrealm", "oracle_weblogic": { "domain": { - "diagnostic_context_id": "1648117827263", + "diagnostic_context_id": "1718694290877", "machine_name": "wlsadmin", - "message_id": "BEA-000449", - "meta": "[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] ", - "server_name": "AdminServer", - "subsystem": "Socket", - "thread_id": "[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'" + "message_id": "BEA-090946", + "meta": "[severity-value: 32] [partition-id: 0] [partition-name: DOMAIN] ", + "server_name": "admin-server", + "subsystem": "Security", + "thread_id": "[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'" } }, "tags": [ "oracle_weblogic-domain" - ], - "transaction": { - "id": "38f025ff-7924-471b-bac8-a419692aabf9-00000018" - } + ] } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -377,14 +375,9 @@ An example event for `domain` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| host.ip | Host ip addresses. | ip | | input.type | Input type. | keyword | -| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.flags | Flags for the log file. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Log offset. | long | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | oracle_weblogic.domain.diagnostic_context_id | Context information to correlate messages coming from a specific request or application. | keyword | | oracle_weblogic.domain.machine_name | Machine Name is the DNS name of the computer that hosts the server instance. | keyword | | oracle_weblogic.domain.message_id | A unique identifier for the message. | keyword | 
@@ -392,9 +385,6 @@ An example event for `domain` looks as following: | oracle_weblogic.domain.server_name | Server Name is the name of the WebLogic Server instance on which the message was generated. | keyword | | oracle_weblogic.domain.subsystem | Indicates the subsystem of WebLogic Server that was the source of the message; for example, Enterprise Java Bean (EJB) container or Java Messaging Service (JMS). | keyword | | oracle_weblogic.domain.thread_id | Thread ID is the ID that the JVM assigns to the thread in which the message originated. | keyword | -| tags | List of keywords used to tag each event. | keyword | -| transaction.id | Unique identifier of the transaction within the scope of its trace. A transaction is the highest level of work measured within a service, such as a request to a server. | keyword | -| user.id | Unique identifier of the user. | keyword | ### Managed Server Logs @@ -405,13 +395,13 @@ An example event for `managed_server` looks as following: ```json { - "@timestamp": "2022-03-24T10:29:56.637Z", + "@timestamp": "2024-06-18T07:08:39.933Z", "agent": { - "ephemeral_id": "fc2f1df6-97a1-42bf-9f6b-904a765041e3", - "id": "e27eb192-b14d-4af1-8861-fd7cbadb3643", + "ephemeral_id": "8852cf23-5f53-4fcc-aed6-75d584b4e479", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.managed_server", 
@@ -419,44 +409,46 @@ An example event for `managed_server` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "e27eb192-b14d-4af1-8861-fd7cbadb3643", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "category": [ - "log" + "iam" ], "dataset": "oracle_weblogic.managed_server", - "ingested": "2022-05-09T11:59:45Z", + "ingested": "2024-06-18T07:09:56Z", "kind": "event", "module": "oracle_weblogic", - "original": "####\u003cMar 24, 2022 10:29:56,637 AM GMT\u003e \u003cInfo\u003e \u003cManagement\u003e \u003c5565e043d1b0\u003e \u003c\u003e \u003cThread-12\u003e \u003c\u003e \u003c\u003e \u003c\u003e \u003c1648117796637\u003e \u003c[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] \u003e \u003cBEA-141307\u003e \u003cUnable to connect to the Administration Server. Waiting 5 second(s) to retry (attempt number 2 of 3).\u003e ", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.21.0.7" + "192.168.245.7" ], "mac": [ - "02:42:ac:15:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "input": { 
@@ -464,20 +456,20 @@ An example event for `managed_server` looks as following: }, "log": { "file": { - "path": "/tmp/service_logs/oracle-weblogic-managedserver.log" + "path": "/tmp/service_logs/managedserver/managed-server1.log" }, "level": "Info", "offset": 0 }, - "message": "Unable to connect to the Administration Server. Waiting 5 second(s) to retry (attempt number 2 of 3).", + "message": "Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.", "oracle_weblogic": { "managed_server": { - "diagnostic_context_id": "1648117796637", - "machine_name": "5565e043d1b0", - "message_id": "BEA-141307", + "diagnostic_context_id": "1718694519933", + "machine_name": "a22d5129529e", + "message_id": "BEA-090905", "meta": "[severity-value: 64] [partition-id: 0] [partition-name: DOMAIN] ", - "subsystem": "Management", - "thread_id": "Thread-12" + "subsystem": "Security", + "thread_id": "main" } }, "tags": [ @@ -486,6 +478,10 @@ An example event for `managed_server` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -494,14 +490,9 @@ An example event for `managed_server` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| host.ip | Host ip addresses. | ip | | input.type | Input type. | keyword | -| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.flags | Flags for the log file. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Log offset. | long | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | oracle_weblogic.managed_server.diagnostic_context_id | Context information to correlate messages coming from a specific request or application. | keyword | | oracle_weblogic.managed_server.machine_name | Machine Name is the DNS name of the computer that hosts the server instance. 
| keyword | | oracle_weblogic.managed_server.message_id | A unique identifier for the message. | keyword | @@ -509,9 +500,6 @@ An example event for `managed_server` looks as following: | oracle_weblogic.managed_server.server_name | Server Name is the name of the WebLogic Server instance on which the message was generated. | keyword | | oracle_weblogic.managed_server.subsystem | Indicates the subsystem of WebLogic Server that was the source of the message; for example, Enterprise Java Bean (EJB) container or Java Messaging Service (JMS). | keyword | | oracle_weblogic.managed_server.thread_id | Thread ID is the ID that the JVM assigns to the thread in which the message originated. | keyword | -| tags | List of keywords used to tag each event. | keyword | -| transaction.id | Unique identifier of the transaction within the scope of its trace. A transaction is the highest level of work measured within a service, such as a request to a server. | keyword | -| user.id | Unique identifier of the user. | keyword | ## Metrics @@ -524,13 +512,13 @@ An example event for `deployed_application` looks as following: ```json { - "@timestamp": "2022-06-01T06:06:16.679Z", + "@timestamp": "2024-06-18T07:03:43.008Z", "agent": { - "ephemeral_id": "9b5302d4-4654-485a-8708-b8c971d7ebd6", - "id": "f5ae4eeb-820b-4f24-a94a-df327091d185", + "ephemeral_id": "dc9d4e03-d8bf-428d-b21a-630a38824bcc", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.deployed_application", @@ -538,12 +526,12 @@ An example event for `deployed_application` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "f5ae4eeb-820b-4f24-a94a-df327091d185", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", 
@@ -551,8 +539,8 @@ An example event for `deployed_application` looks as following: "web" ], "dataset": "oracle_weblogic.deployed_application", - "duration": 27026922, - "ingested": "2022-06-01T06:06:20Z", + "duration": 1954627464, + "ingested": "2024-06-18T07:03:54Z", "kind": "metric", "module": "oracle_weblogic", "type": [ @@ -563,21 +551,22 @@ An example event for `deployed_application` looks as following: "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.31.0.7" + "192.168.245.7" ], "mac": [ - "02:42:ac:1f:00:07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.59.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.3 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -601,12 +590,12 @@ An example event for `deployed_application` looks as following: } }, "single_threaded_servlet_pool_size": 5, - "source_info": "weblogic.war", + "source_info": "bea_wls_deployment_internal.war", "status": "DEPLOYED" } }, "service": { - "address": "http://elastic-package-service_wlsadmin_1:8005/jolokia", + "address": "http://elastic-package-service-wlsadmin-1:8005/jolokia", "type": "jolokia" }, "tags": [ @@ -615,6 +604,10 @@ An example event for `deployed_application` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -630,17 +623,7 @@ An example event for `deployed_application` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | -| error.message | Error message. | match_only_text | | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | | -| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. 
It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | | -| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. 
| keyword | | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | oracle_weblogic.deployed_application.deployment.state.name | Current state of the deployment as an keyword. | keyword | | | oracle_weblogic.deployed_application.deployment.state.value | Current state of the deployment as an integer. | long | gauge | | oracle_weblogic.deployed_application.session_timeout | Session timeout in integer. | long | gauge | 
@@ -651,8 +634,6 @@ An example event for `deployed_application` looks as following: | oracle_weblogic.deployed_application.source_info | Source info of the deployment as a keyword. | keyword | | | oracle_weblogic.deployed_application.status | Status of the deployment. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | -| tags | List of keywords used to tag each event. | keyword | | ### ThreadPool metrics @@ -663,13 +644,13 @@ An example event for `threadpool` looks as following: ```json { - "@timestamp": "2023-08-23T11:54:38.053Z", + "@timestamp": "2024-06-18T07:12:00.351Z", "agent": { - "ephemeral_id": "4a2754ea-5dba-4b59-8d77-c0f70bfccae3", - "id": "89fbf5a1-dedd-4f8f-a1ee-97a7e3ec1ed2", + "ephemeral_id": "837f7bab-f401-4069-a15b-31ad7f230beb", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.4.0" + "version": "8.13.0" }, "data_stream": { "dataset": "oracle_weblogic.threadpool", @@ -677,12 +658,12 @@ An example event for `threadpool` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "89fbf5a1-dedd-4f8f-a1ee-97a7e3ec1ed2", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.4.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", 
@@ -690,8 +671,8 @@ An example event for `threadpool` looks as following: "web" ], "dataset": "oracle_weblogic.threadpool", - "duration": 55017871, - "ingested": "2023-08-23T11:54:39Z", + "duration": 448877395, + "ingested": "2024-06-18T07:12:12Z", "kind": "metric", "module": "oracle_weblogic", "type": [ @@ -702,18 +683,18 @@ An example event for `threadpool` looks as following: "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "e8978f2086c14e13b7a0af9ed0011d19", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.29.0.9" + "192.168.245.7" ], "mac": [ - "02-42-AC-1D-00-09" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", @@ -726,36 +707,15 @@ An example event for `threadpool` looks as following: }, "oracle_weblogic": { "threadpool": { - "mbean": "com.bea:ServerRuntime=admin-server,Name=ThreadPoolRuntime,Type=ThreadPoolRuntime", - "queue": { - "length": 0 - }, - "requests": { - "completed": 1466, - "overload": { - "rejected": 0 - }, - "pending": 0 - }, + "mbean": "java.lang:type=Threading", "threads": { - "execute": { - "idle": 1, - "total": 15 - }, - "hogging": 0, - "standby": 14, - "stuck": 0 - }, - "throughput": 91.5, - "work_manager": { - "capacity": { - "shared": 65536 - } + "daemon": 39, + "total": 42 } } }, "service": { - "address": "http://elastic-package-service_wlsadmin_1:8005/jolokia", + "address": "http://elastic-package-service-wlsadmin-1:8005/jolokia", "type": "jolokia" }, "tags": [ @@ -764,6 +724,10 @@ An example event for `threadpool` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -779,17 +743,7 @@ An example event for `threadpool` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | -| error.message | Error message. | match_only_text | | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | | -| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. 
It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | | -| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. 
| keyword | | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | oracle_weblogic.threadpool.mbean | The name of the jolokia mbean. | keyword | | | oracle_weblogic.threadpool.queue.length | The number of pending requests in the priority queue. This is the total of internal system requests and user requests. | long | gauge | | oracle_weblogic.threadpool.requests.completed | The number of completed requests in the priority queue. | long | counter | 
@@ -805,6 +759,4 @@ An example event for `threadpool` looks as following: | oracle_weblogic.threadpool.throughput | The mean number of requests completed per second. | double | gauge | | oracle_weblogic.threadpool.work_manager.capacity.shared | Maximum amount of requests that can be accepted in the priority queue. Note that a request with higher priority will be accepted in place of a lower priority request already in the queue even after the threshold is reached. The lower priority request is kept waiting in the queue till all high priority requests are executed. Also note that further enqueues of the low priority requests are rejected right away. | long | gauge | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | -| tags | List of keywords used to tag each event. | keyword | | diff --git a/packages/oracle_weblogic/manifest.yml b/packages/oracle_weblogic/manifest.yml index 96e40fc46d6f..4fe5938a9729 100644 --- a/packages/oracle_weblogic/manifest.yml +++ b/packages/oracle_weblogic/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: oracle_weblogic title: Oracle WebLogic -version: "1.6.0" +version: "1.7.0" description: Collect logs and metrics from Oracle WebLogic with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.12.0" + version: "^8.13.0" elastic: subscription: basic screenshots: diff --git a/packages/prometheus/_dev/build/build.yml b/packages/prometheus/_dev/build/build.yml index 08d85edcf9a4..2bfcfc223b04 100755 --- a/packages/prometheus/_dev/build/build.yml 
+++ b/packages/prometheus/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: "git@v8.11.0" diff --git a/packages/prometheus/_dev/build/docs/README.md b/packages/prometheus/_dev/build/docs/README.md index 456d51e679e6..64cfe22fa97e 100644 --- a/packages/prometheus/_dev/build/docs/README.md +++ b/packages/prometheus/_dev/build/docs/README.md @@ -131,6 +131,10 @@ Metrics Filters Include: ["^node_network_net_dev_group$", "^node_network_up$"] The fields reported are: +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "collector"}} @@ -230,6 +234,10 @@ remote_write: The fields reported are: +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "remote_write"}} #### Histograms and types @@ -358,6 +366,10 @@ queries: The fields reported are: +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "query"}} ## Dashboard diff --git a/packages/prometheus/changelog.yml b/packages/prometheus/changelog.yml index 82fae8a7f983..99d2bb36271c 100644 --- a/packages/prometheus/changelog.yml +++ b/packages/prometheus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.18.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.14.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "1.17.0" changes: - description: Remove labels fingerprint, leading to better TSDB performance and storage reduction. 
diff --git a/packages/prometheus/data_stream/collector/fields/agent.yml b/packages/prometheus/data_stream/collector/fields/agent.yml index 48add32f2ae7..e3021e2bae80 100644 --- a/packages/prometheus/data_stream/collector/fields/agent.yml +++ b/packages/prometheus/data_stream/collector/fields/agent.yml @@ -10,9 +10,7 @@ type: keyword dimension: true ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 - name: availability_zone level: extended @@ -28,17 +26,6 @@ ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - name: provider level: extended type: keyword 
@@ -53,18 +40,13 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. - name: container title: Container group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id 
@@ -73,119 +55,18 @@ dimension: true ignore_above: 1024 description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword dimension: true ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: containerized type: boolean description: 
> diff --git a/packages/prometheus/data_stream/collector/fields/ecs.yml b/packages/prometheus/data_stream/collector/fields/ecs.yml index 00a5f46cd71f..17e169722544 100644 --- a/packages/prometheus/data_stream/collector/fields/ecs.yml +++ b/packages/prometheus/data_stream/collector/fields/ecs.yml @@ -1,12 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true -- external: ecs - name: event.dataset diff --git a/packages/prometheus/data_stream/collector/sample_event.json b/packages/prometheus/data_stream/collector/sample_event.json index d462f01c0990..c0517b600eaf 100644 --- a/packages/prometheus/data_stream/collector/sample_event.json +++ b/packages/prometheus/data_stream/collector/sample_event.json 
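Review bot: The `host.name` entry kept at the end of the `@@ -73,119 +55,18 @@` hunk of `collector/fields/agent.yml` is still a hand-copied ECS definition with the older description ("The sender decides which value to use."). The oracle_weblogic README regenerated in this same commit shows the ECS 8.11.0 wording ("The recommended value is the lowercase FQDN of the host."), so the local copy has already drifted from the reference pinned in `build.yml`. If the entry is kept only for `dimension: true`, it could move to `ecs.yml` in the form that file already uses for `service.address` and `agent.id`: `- external: ecs`, `name: host.name`, `dimension: true`. The same appears to apply to `container.id` and the cloud account id in the earlier hunks, and to the identical `data_stream/query/fields/agent.yml`, whose last hunk runs past this excerpt. The `host` group continues beyond this hunk's trailing context.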
@@ -1,43 +1,43 @@ { "@timestamp": "2022-09-21T13:53:53.737Z", - "ecs": { - "version": "8.0.0" - }, - "service": { - "address": "http://prometheus-server-server:80/metrics", - "type": "prometheus" - }, "data_stream": { + "dataset": "prometheus.collector", "namespace": "default", - "type": "metrics", - "dataset": "prometheus.collector" + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "68e3d23a-08cd-4477-924b-25f491194aba", - "version": "8.4.0", - "snapshot": true + "snapshot": true, + "version": "8.4.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "prometheus.collector", + "duration": 10509824, + "ingested": "2022-09-21T13:53:54Z", + "module": "prometheus" }, "host": {}, "metricset": { - "period": 10000, - "name": "collector" + "name": "collector", + "period": 10000 }, "prometheus": { - "prometheus_target_sync_length_seconds": { - "value": 0.000103602 - }, "labels": { - "scrape_job": "kubernetes-services", "instance": "prometheus-server-server:80", + "job": "prometheus", "quantile": "0.5", - "job": "prometheus" + "scrape_job": "kubernetes-services" + }, + "prometheus_target_sync_length_seconds": { + "value": 0.000103602 } }, - "event": { - "duration": 10509824, - "agent_id_status": "verified", - "ingested": "2022-09-21T13:53:54Z", - "module": "prometheus", - "dataset": "prometheus.collector" + "service": { + "address": "http://prometheus-server-server:80/metrics", + "type": "prometheus" } } \ No newline at end of file diff --git a/packages/prometheus/data_stream/query/fields/agent.yml b/packages/prometheus/data_stream/query/fields/agent.yml index 48add32f2ae7..e3021e2bae80 100644 --- a/packages/prometheus/data_stream/query/fields/agent.yml +++ b/packages/prometheus/data_stream/query/fields/agent.yml 
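Review bot: The new `"version": "8.11.0"` under `ecs` does not match the rest of this sample, which still carries `elastic_agent.version` `8.4.0` and the 2022 `@timestamp` and `event.ingested` values. The file therefore looks edited by hand rather than captured from a run. The previous `8.0.0` was presumably what that agent actually wrote, so the sample now describes a document no collector produced. Regenerating it from a system test on a stack that satisfies the new Kibana constraint would keep `ecs.version`, agent version and timestamps consistent; otherwise keep `"version": "8.0.0"` and limit the change to key ordering.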
@@ -10,9 +10,7 @@ type: keyword dimension: true ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 - name: availability_zone level: extended @@ -28,17 +26,6 @@ ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - name: provider level: extended type: keyword @@ -53,18 +40,13 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. - name: container title: Container group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id 
@@ -73,119 +55,18 @@ dimension: true ignore_above: 1024 description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword dimension: true ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: containerized type: boolean description: 
> diff --git a/packages/prometheus/data_stream/query/fields/ecs.yml b/packages/prometheus/data_stream/query/fields/ecs.yml index 00a5f46cd71f..17e169722544 100644 --- a/packages/prometheus/data_stream/query/fields/ecs.yml +++ b/packages/prometheus/data_stream/query/fields/ecs.yml @@ -1,12 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true -- external: ecs - name: event.dataset diff --git a/packages/prometheus/data_stream/query/sample_event.json b/packages/prometheus/data_stream/query/sample_event.json index b45f682c5285..0c95e1dd1078 100644 --- a/packages/prometheus/data_stream/query/sample_event.json +++ b/packages/prometheus/data_stream/query/sample_event.json 
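Review bot: The `host.ip` field loses its explicit `type: ip` definition in the `@@ -73,119 +55,18 @@` hunk of `query/fields/agent.yml`, as do `host.mac`, `host.id` and the `host.os.*` entries, so their mappings now depend entirely on the ecs@mappings component template being applied to the data stream. If the package is installed on a stack that does not apply that template, `host.ip` would presumably fall back to dynamic mapping and no longer behave as an IP field for CIDR or range filters in dashboards and detection queries. The cassandra changelog entry in this change pairs the same removal with a Kibana constraint of `^8.13.0`; the prometheus manifest is not in this part of the diff, so confirm it carries the same `^8.13.0` constraint. The identical hunk in `packages/prometheus/data_stream/remote_write/fields/agent.yml` has the same dependency.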
@@ -1,45 +1,45 @@ { + "@timestamp": "2022-09-21T14:06:49.000Z", "agent": { - "name": "kind-control-plane", + "ephemeral_id": "63ab98c3-c4ae-4a30-84f9-9a2d7f459728", "id": "68e3d23a-08cd-4477-924b-25f491194aba", + "name": "kind-control-plane", "type": "metricbeat", - "ephemeral_id": "63ab98c3-c4ae-4a30-84f9-9a2d7f459728", "version": "8.4.0" }, - "@timestamp": "2022-09-21T14:06:49.000Z", - "ecs": { - "version": "8.0.0" - }, - "service": { - "address": "http://prometheus-server-server:80", - "type": "prometheus" - }, "data_stream": { + "dataset": "prometheus.query", "namespace": "default", - "type": "metrics", - "dataset": "prometheus.query" + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "68e3d23a-08cd-4477-924b-25f491194aba", - "version": "8.4.0", - "snapshot": true + "snapshot": true, + "version": "8.4.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "prometheus.query", + "duration": 1153570, + "ingested": "2022-09-21T14:06:50Z", + "module": "prometheus" }, "host": {}, "metricset": { - "period": 10000, - "name": "query" + "name": "query", + "period": 10000 }, "prometheus": { + "labels": {}, "query": { "instant_vector": 0.7838951248394681 - }, - "labels": {} + } }, - "event": { - "duration": 1153570, - "agent_id_status": "verified", - "ingested": "2022-09-21T14:06:50Z", - "module": "prometheus", - "dataset": "prometheus.query" + "service": { + "address": "http://prometheus-server-server:80", + "type": "prometheus" } } \ No newline at end of file diff --git a/packages/prometheus/data_stream/remote_write/fields/agent.yml b/packages/prometheus/data_stream/remote_write/fields/agent.yml index 48add32f2ae7..e3021e2bae80 100644 --- a/packages/prometheus/data_stream/remote_write/fields/agent.yml +++ b/packages/prometheus/data_stream/remote_write/fields/agent.yml 
@@ -10,9 +10,7 @@ type: keyword dimension: true ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 - name: availability_zone level: extended @@ -28,17 +26,6 @@ ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - name: provider level: extended type: keyword @@ -53,18 +40,13 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. - name: container title: Container group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id 
@@ -73,119 +55,18 @@ dimension: true ignore_above: 1024 description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword dimension: true ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: containerized type: boolean description: 
> diff --git a/packages/prometheus/data_stream/remote_write/fields/ecs.yml b/packages/prometheus/data_stream/remote_write/fields/ecs.yml index 869623a49da4..3014c8de4b6f 100644 --- a/packages/prometheus/data_stream/remote_write/fields/ecs.yml +++ b/packages/prometheus/data_stream/remote_write/fields/ecs.yml @@ -1,11 +1,3 @@ -- external: ecs - name: ecs.version -- external: ecs - name: service.address -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true -- external: ecs - name: event.dataset diff --git a/packages/prometheus/data_stream/remote_write/sample_event.json b/packages/prometheus/data_stream/remote_write/sample_event.json index 83b4f9535adf..936c218ea5c1 100644 --- a/packages/prometheus/data_stream/remote_write/sample_event.json +++ b/packages/prometheus/data_stream/remote_write/sample_event.json 
@@ -1,61 +1,61 @@ { + "@timestamp": "2022-09-22T12:23:35.757Z", "agent": { - "name": "kind-control-plane", - "id": "af0df4c2-33b7-41fd-8eb5-573376996db2", "ephemeral_id": "5c3d912b-9bf3-4747-b784-1f7c275a5979", + "id": "af0df4c2-33b7-41fd-8eb5-573376996db2", + "name": "kind-control-plane", "type": "metricbeat", "version": "8.4.0" }, - "@timestamp": "2022-09-22T12:23:35.757Z", - "ecs": { - "version": "8.0.0" - }, - "service": { - "type": "prometheus" - }, "data_stream": { + "dataset": "prometheus.remote_write", "namespace": "default", - "type": "metrics", - "dataset": "prometheus.remote_write" + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "af0df4c2-33b7-41fd-8eb5-573376996db2", - "version": "8.4.0", - "snapshot": true + "snapshot": true, + "version": "8.4.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "prometheus.remote_write", + "ingested": "2022-09-22T12:24:16Z", + "module": "prometheus" }, "host": {}, "metricset": { "name": "remote_write" }, "prometheus": { - "node_cpu_guest_seconds_total": { - "rate": 0, - "counter": 0 - }, - "node_cpu_seconds_total": { - "rate": 0, - "counter": 2284.68 - }, "labels": { "app": "prometheus", "app_kubernetes_io_managed_by": "Helm", - "instance": "172.19.0.2:9100", - "release": "prometheus-server", + "chart": "prometheus-15.10.1", + "component": "node-exporter", "cpu": "5", "heritage": "Helm", + "instance": "172.19.0.2:9100", + "job": "kubernetes-service-endpoints", "mode": "user", - "node": "kind-control-plane", - "component": "node-exporter", - "service": "prometheus-server-node-exporter", "namespace": "kube-system", - "job": "kubernetes-service-endpoints", - "chart": "prometheus-15.10.1" + "node": "kind-control-plane", + "release": "prometheus-server", + "service": "prometheus-server-node-exporter" + }, + "node_cpu_guest_seconds_total": { + "counter": 0, + "rate": 0 + }, + "node_cpu_seconds_total": { + "counter": 2284.68, + "rate": 0 } }, - "event": { - 
"agent_id_status": "verified", - "ingested": "2022-09-22T12:24:16Z", - "module": "prometheus", - "dataset": "prometheus.remote_write" + "service": { + "type": "prometheus" } } \ No newline at end of file diff --git a/packages/prometheus/docs/README.md b/packages/prometheus/docs/README.md index d02d7568954d..111d50799caf 100644 --- a/packages/prometheus/docs/README.md +++ b/packages/prometheus/docs/README.md 
@@ -132,93 +132,76 @@ An example event for `collector` looks as following: ```json { "@timestamp": "2022-09-21T13:53:53.737Z", - "ecs": { - "version": "8.0.0" - }, - "service": { - "address": "http://prometheus-server-server:80/metrics", - "type": "prometheus" - }, "data_stream": { + "dataset": "prometheus.collector", "namespace": "default", - "type": "metrics", - "dataset": "prometheus.collector" + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "68e3d23a-08cd-4477-924b-25f491194aba", - "version": "8.4.0", - "snapshot": true + "snapshot": true, + "version": "8.4.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "prometheus.collector", + "duration": 10509824, + "ingested": "2022-09-21T13:53:54Z", + "module": "prometheus" }, "host": {}, "metricset": { - "period": 10000, - "name": "collector" + "name": "collector", + "period": 10000 }, "prometheus": { - "prometheus_target_sync_length_seconds": { - "value": 0.000103602 - }, "labels": { - "scrape_job": "kubernetes-services", "instance": "prometheus-server-server:80", + "job": "prometheus", "quantile": "0.5", - "job": "prometheus" + "scrape_job": "kubernetes-services" + }, + "prometheus_target_sync_length_seconds": { + "value": 0.000103602 } }, - "event": { - "duration": 10509824, - "agent_id_status": "verified", - "ingested": "2022-09-21T13:53:54Z", - "module": "prometheus", - "dataset": "prometheus.collector" + "service": { + "address": "http://prometheus-server-server:80/metrics", + "type": "prometheus" } } ``` The fields reported are: +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. 
| keyword | | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.instance.name | Instance name of the host machine. | keyword | | -| cloud.machine.type | Machine type of the host machine. | keyword | | -| cloud.project.id | Name of the project in Google Cloud. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host is running. | keyword | | | container.id | Unique container id. | keyword | | -| container.image.name | Name of the image the container was built on. | keyword | | -| container.labels | Image labels. | object | | -| container.name | Container name. | keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. 
access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | | event.module | Event module. | constant_keyword | | -| host.architecture | Operating system architecture. | keyword | | | host.containerized | If the host is a container. | boolean | | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.mac | Host mac addresses. | keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | host.os.build | OS build information. | keyword | | | host.os.codename | OS codename, if any. | keyword | | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | | -| host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. | text | | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). 
| keyword | | -| host.os.version | Operating system version as a raw string. | keyword | | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | | prometheus.\*.counter | Prometheus counter metric | object | counter | | prometheus.\*.histogram | Prometheus histogram metric | object | | | prometheus.\*.rate | Prometheus rated counter metric | object | gauge | @@ -226,7 +209,6 @@ The fields reported are: | prometheus.labels.\* | Prometheus metric labels | keyword | | | prometheus.metrics.\* | Prometheus metric | object | gauge | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | 
@@ -326,112 +308,95 @@ An example event for `remote_write` looks as following: ```json { + "@timestamp": "2022-09-22T12:23:35.757Z", "agent": { - "name": "kind-control-plane", - "id": "af0df4c2-33b7-41fd-8eb5-573376996db2", "ephemeral_id": "5c3d912b-9bf3-4747-b784-1f7c275a5979", + "id": "af0df4c2-33b7-41fd-8eb5-573376996db2", + "name": "kind-control-plane", "type": "metricbeat", "version": "8.4.0" }, - "@timestamp": "2022-09-22T12:23:35.757Z", - "ecs": { - "version": "8.0.0" - }, - "service": { - "type": "prometheus" - }, "data_stream": { + "dataset": "prometheus.remote_write", "namespace": "default", - "type": "metrics", - "dataset": "prometheus.remote_write" + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "af0df4c2-33b7-41fd-8eb5-573376996db2", - "version": "8.4.0", - "snapshot": true + "snapshot": true, + "version": "8.4.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "prometheus.remote_write", + "ingested": "2022-09-22T12:24:16Z", + "module": "prometheus" }, "host": {}, "metricset": { "name": "remote_write" }, "prometheus": { - "node_cpu_guest_seconds_total": { - "rate": 0, - "counter": 0 - }, - "node_cpu_seconds_total": { - "rate": 0, - "counter": 2284.68 - }, "labels": { "app": "prometheus", "app_kubernetes_io_managed_by": "Helm", - "instance": "172.19.0.2:9100", - "release": "prometheus-server", + "chart": "prometheus-15.10.1", + "component": "node-exporter", "cpu": "5", "heritage": "Helm", + "instance": "172.19.0.2:9100", + "job": "kubernetes-service-endpoints", "mode": "user", - "node": "kind-control-plane", - "component": "node-exporter", - "service": "prometheus-server-node-exporter", "namespace": "kube-system", - "job": "kubernetes-service-endpoints", - "chart": "prometheus-15.10.1" + "node": "kind-control-plane", + "release": "prometheus-server", + "service": "prometheus-server-node-exporter" + }, + "node_cpu_guest_seconds_total": { + "counter": 0, + "rate": 0 + }, + "node_cpu_seconds_total": { + 
"counter": 2284.68, + "rate": 0 } }, - "event": { - "agent_id_status": "verified", - "ingested": "2022-09-22T12:24:16Z", - "module": "prometheus", - "dataset": "prometheus.remote_write" + "service": { + "type": "prometheus" } } ``` The fields reported are: +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.instance.name | Instance name of the host machine. | keyword | | -| cloud.machine.type | Machine type of the host machine. | keyword | | -| cloud.project.id | Name of the project in Google Cloud. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host is running. | keyword | | | container.id | Unique container id. | keyword | | -| container.image.name | Name of the image the container was built on. | keyword | | -| container.labels | Image labels. | object | | -| container.name | Container name. 
| keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | | event.module | Event module. | constant_keyword | | -| host.architecture | Operating system architecture. | keyword | | | host.containerized | If the host is a container. | boolean | | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.mac | Host mac addresses. | keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. 
It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | host.os.build | OS build information. | keyword | | | host.os.codename | OS codename, if any. | keyword | | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | | -| host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. | text | | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | -| host.os.version | Operating system version as a raw string. | keyword | | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | | prometheus.\*.counter | Prometheus counter metric | object | counter | | prometheus.\*.histogram | Prometheus histogram metric | object | | | prometheus.\*.rate | Prometheus rated counter metric | object | gauge | @@ -439,8 +404,6 @@ The fields reported are: | prometheus.labels.\* | Prometheus metric labels | keyword | | | prometheus.metrics.\* | Prometheus metric | object | gauge | | prometheus.metrics_names_fingerprint | Autogenerated ID representing the fingerprint of the list of metrics names | keyword | | -| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | #### Histograms and types 
@@ -569,100 +532,82 @@ An example event for `query` looks as following: ```json { + "@timestamp": "2022-09-21T14:06:49.000Z", "agent": { - "name": "kind-control-plane", + "ephemeral_id": "63ab98c3-c4ae-4a30-84f9-9a2d7f459728", "id": "68e3d23a-08cd-4477-924b-25f491194aba", + "name": "kind-control-plane", "type": "metricbeat", - "ephemeral_id": "63ab98c3-c4ae-4a30-84f9-9a2d7f459728", "version": "8.4.0" }, - "@timestamp": "2022-09-21T14:06:49.000Z", - "ecs": { - "version": "8.0.0" - }, - "service": { - "address": "http://prometheus-server-server:80", - "type": "prometheus" - }, "data_stream": { + "dataset": "prometheus.query", "namespace": "default", - "type": "metrics", - "dataset": "prometheus.query" + "type": "metrics" + }, + "ecs": { + "version": "8.11.0" }, "elastic_agent": { "id": "68e3d23a-08cd-4477-924b-25f491194aba", - "version": "8.4.0", - "snapshot": true + "snapshot": true, + "version": "8.4.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "prometheus.query", + "duration": 1153570, + "ingested": "2022-09-21T14:06:50Z", + "module": "prometheus" }, "host": {}, "metricset": { - "period": 10000, - "name": "query" + "name": "query", + "period": 10000 }, "prometheus": { + "labels": {}, "query": { "instant_vector": 0.7838951248394681 - }, - "labels": {} + } }, - "event": { - "duration": 1153570, - "agent_id_status": "verified", - "ingested": "2022-09-21T14:06:50Z", - "module": "prometheus", - "dataset": "prometheus.query" + "service": { + "address": "http://prometheus-server-server:80", + "type": "prometheus" } } ``` The fields reported are: +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. 
| keyword | | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.instance.name | Instance name of the host machine. | keyword | | -| cloud.machine.type | Machine type of the host machine. | keyword | | -| cloud.project.id | Name of the project in Google Cloud. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host is running. | keyword | | | container.id | Unique container id. | keyword | | -| container.image.name | Name of the image the container was built on. | keyword | | -| container.labels | Image labels. | object | | -| container.name | Container name. | keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. 
access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | | event.module | Event module. | constant_keyword | | -| host.architecture | Operating system architecture. | keyword | | | host.containerized | If the host is a container. | boolean | | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.mac | Host mac addresses. | keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | host.os.build | OS build information. | keyword | | | host.os.codename | OS codename, if any. | keyword | | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | | -| host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. | text | | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). 
| keyword | | -| host.os.version | Operating system version as a raw string. | keyword | | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | | prometheus.labels.\* | Prometheus metric labels | keyword | | | prometheus.query.\* | Prometheus value resulted from PromQL | object | gauge | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | ## Dashboard diff --git a/packages/prometheus/manifest.yml b/packages/prometheus/manifest.yml index 15f0a91448d4..81c9042108d5 100644 --- a/packages/prometheus/manifest.yml +++ b/packages/prometheus/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.10.0 name: prometheus title: Prometheus -version: 1.17.0 +version: 1.18.0 description: Collect metrics from Prometheus servers with Elastic Agent. type: integration categories: diff --git a/packages/rabbitmq/_dev/build/build.yml b/packages/rabbitmq/_dev/build/build.yml index aaafc5d833b6..2bfcfc223b04 100644 --- a/packages/rabbitmq/_dev/build/build.yml +++ b/packages/rabbitmq/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: "git@v8.11.0" diff --git a/packages/rabbitmq/_dev/build/docs/README.md b/packages/rabbitmq/_dev/build/docs/README.md index 2aedd0916b81..372026eaa38d 100644 --- a/packages/rabbitmq/_dev/build/docs/README.md +++ b/packages/rabbitmq/_dev/build/docs/README.md 
@@ -21,6 +21,10 @@ The application logs dataset parses single file format introduced in 3.7.0. Application logs collects standard RabbitMQ logs. It will only support RabbitMQ default i.e RFC 3339 timestamp format. +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "log"}} ## Metrics @@ -29,12 +33,20 @@ It will only support RabbitMQ default i.e RFC 3339 timestamp format. {{event "connection"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "connection"}} ### Exchange Metrics {{event "exchange"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "exchange"}} ### Node Metrics @@ -48,10 +60,18 @@ It supports two modes to collect data which can be selected with the "Collection {{event "node"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "node"}} ### Queue Metrics {{event "queue"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "queue"}} \ No newline at end of file diff --git a/packages/rabbitmq/changelog.yml b/packages/rabbitmq/changelog.yml index 08f56fccb394..2d5f7cd9997c 100644 --- a/packages/rabbitmq/changelog.yml +++ b/packages/rabbitmq/changelog.yml 
@@ -1,3 +1,8 @@ +- version: "1.15.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "1.14.0" changes: - description: Add global filter on data_stream.dataset to improve performance. diff --git a/packages/rabbitmq/data_stream/connection/fields/agent.yml b/packages/rabbitmq/data_stream/connection/fields/agent.yml index 334356372dbc..482fe3e31713 100644 --- a/packages/rabbitmq/data_stream/connection/fields/agent.yml +++ b/packages/rabbitmq/data_stream/connection/fields/agent.yml @@ -10,9 +10,7 @@ type: keyword dimension: true ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 - name: availability_zone level: extended @@ -28,17 +26,6 @@ description: Instance ID of the host machine. example: i-1234567890abcdef0 dimension: true - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - name: provider level: extended type: keyword 
@@ -53,18 +40,13 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. - name: container title: Container group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id 
@@ -73,119 +55,18 @@ ignore_above: 1024 description: Unique container id. dimension: true - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword ignore_above: 1024 dimension: true - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: containerized type: boolean description: 
> diff --git a/packages/rabbitmq/data_stream/connection/fields/ecs.yml b/packages/rabbitmq/data_stream/connection/fields/ecs.yml index 0b8b5f3f167e..4b73f809437d 100644 --- a/packages/rabbitmq/data_stream/connection/fields/ecs.yml +++ b/packages/rabbitmq/data_stream/connection/fields/ecs.yml @@ -1,11 +1,3 @@ -- external: ecs - name: user -- external: ecs - name: user.name -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type diff --git a/packages/rabbitmq/data_stream/connection/sample_event.json b/packages/rabbitmq/data_stream/connection/sample_event.json index 3c2fbad89555..b496ec3a2fdb 100644 --- a/packages/rabbitmq/data_stream/connection/sample_event.json +++ b/packages/rabbitmq/data_stream/connection/sample_event.json @@ -1,7 +1,18 @@ { "@timestamp": "2020-06-25T10:16:10.138Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "dataset": "rabbitmq.connection", + "duration": 374411, + "module": "rabbitmq" + }, + "metricset": { + "name": "connection", + "period": 10000 + }, "rabbitmq": { - "vhost": "/", "connection": { "channel_max": 65535, "channels": 2, @@ -10,7 +21,7 @@ }, "frame_max": 131072, "host": "::1", - "name": "[::1]:31153 -\u003e [::1]:5672", + "name": "[::1]:31153 -> [::1]:5672", "octet_count": { "received": 5834, "sent": 5834 @@ -27,22 +38,11 @@ "port": 5672, "state": "running", "type": "network" - } - }, - "event": { - "duration": 374411, - "dataset": "rabbitmq.connection", - "module": "rabbitmq" - }, - "metricset": { - "name": "connection", - "period": 10000 + }, + "vhost": "/" }, "service": { "address": "localhost:15672", "type": "rabbitmq" - }, - "ecs": { - "version": "8.5.1" } -} \ No newline at end of file +} diff --git a/packages/rabbitmq/data_stream/exchange/fields/agent.yml b/packages/rabbitmq/data_stream/exchange/fields/agent.yml index 334356372dbc..482fe3e31713 100644 --- a/packages/rabbitmq/data_stream/exchange/fields/agent.yml 
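Review bot: The `host` group left by the `@@ -73,119 +55,18 @@` hunk of `connection/fields/agent.yml` keeps only `name` (`dimension: true`) and `containerized`, and nothing in the file records why those two survive while `host.ip`, `host.mac`, `host.id` and the `os.*` entries go. I would add a comment above the group, for example `# Kept locally: dimension fields and fields not in ECS; everything else is mapped by ecs@mappings`, so a later cleanup does not drop the dimension (that `containerized` is kept because it is non-ECS is my assumption). The removed entries include `type: ip` for `host.ip`, so on a stack without the `ecs@mappings` template that field would presumably fall back to dynamic mapping and IP-range queries on it would stop working. The changelog says the kibana constraint moves to `^8.13.0`, but the rabbitmq manifest is not in this view and the prometheus manifest hunk shown earlier changes only `version`, so that is worth confirming. The identical hunk in `exchange/fields/agent.yml` has the same gap, and the `host` group continues past the end of both hunks.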
+++ b/packages/rabbitmq/data_stream/exchange/fields/agent.yml @@ -10,9 +10,7 @@ type: keyword dimension: true ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 - name: availability_zone level: extended @@ -28,17 +26,6 @@ description: Instance ID of the host machine. example: i-1234567890abcdef0 dimension: true - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - name: provider level: extended type: keyword @@ -53,18 +40,13 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. - name: container title: Container group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id 
@@ -73,119 +55,18 @@ ignore_above: 1024 description: Unique container id. dimension: true - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword ignore_above: 1024 dimension: true - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: containerized type: boolean description: 
> diff --git a/packages/rabbitmq/data_stream/exchange/fields/ecs.yml b/packages/rabbitmq/data_stream/exchange/fields/ecs.yml index 0b8b5f3f167e..4b73f809437d 100644 --- a/packages/rabbitmq/data_stream/exchange/fields/ecs.yml +++ b/packages/rabbitmq/data_stream/exchange/fields/ecs.yml @@ -1,11 +1,3 @@ -- external: ecs - name: user -- external: ecs - name: user.name -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type diff --git a/packages/rabbitmq/data_stream/exchange/sample_event.json b/packages/rabbitmq/data_stream/exchange/sample_event.json index 74fecc3a9a7e..286e39be6179 100644 --- a/packages/rabbitmq/data_stream/exchange/sample_event.json +++ b/packages/rabbitmq/data_stream/exchange/sample_event.json @@ -1,32 +1,32 @@ { "@timestamp": "2020-06-25T10:04:20.944Z", - "rabbitmq": { - "vhost": "/", - "exchange": { - "arguments": {}, - "durable": true, - "auto_delete": false, - "name": "", - "internal": false - } + "ecs": { + "version": "8.11.0" }, "event": { - "duration": 4078507, "dataset": "rabbitmq.exchange", + "duration": 4078507, "module": "rabbitmq" }, "metricset": { "name": "exchange", "period": 10000 }, - "user": { - "name": "rmq-internal" + "rabbitmq": { + "exchange": { + "arguments": {}, + "auto_delete": false, + "durable": true, + "internal": false, + "name": "" + }, + "vhost": "/" }, "service": { "address": "localhost:15672", "type": "rabbitmq" }, - "ecs": { - "version": "8.5.1" + "user": { + "name": "rmq-internal" } -} \ No newline at end of file +} diff --git a/packages/rabbitmq/data_stream/log/_dev/test/pipeline/test-rabbitmq.log-expected.json b/packages/rabbitmq/data_stream/log/_dev/test/pipeline/test-rabbitmq.log-expected.json index e6f5199dfc2c..1c80542300df 100644 --- a/packages/rabbitmq/data_stream/log/_dev/test/pipeline/test-rabbitmq.log-expected.json +++ b/packages/rabbitmq/data_stream/log/_dev/test/pipeline/test-rabbitmq.log-expected.json 
@@ -3,13 +3,15 @@ { "@timestamp": "2023-01-24T10:38:45.236Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195141801Z", + "ingested": "2024-06-17T12:52:40.927957387Z", "kind": "event", "original": "2023-01-24 10:38:45.236018+00:00 [info] <0.229.0> \nnode : rabbit@af6809c8510d\nhome dir : /var/lib/rabbitmq\nconfig file(s) : /etc/rabbitmq/conf.d/10-defaults.conf\ncookie hash : ibMcme1ZByOOJPIBTHvhzg==\nlog(s) : /var/log/rabbitmq/rabbit@af6809c8510d_upgrade.log\n : \ndatabase dir : /var/lib/rabbitmq/mnesia/rabbit@af6809c8510d", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -27,13 +29,15 @@ { "@timestamp": "2023-01-24T10:38:48.987Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195158343Z", + "ingested": "2024-06-17T12:52:40.927992028Z", "kind": "event", "original": "2023-01-24 10:38:48.987396+00:00 [info] <0.229.0> Running boot step pre_boot defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -51,13 +55,15 @@ { "@timestamp": "2023-01-24T10:38:48.987Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195160010Z", + "ingested": "2024-06-17T12:52:40.927996144Z", "kind": "event", "original": "2023-01-24 10:38:48.987465+00:00 [info] <0.229.0> Running boot step rabbit_global_counters defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -75,13 +81,15 @@ { "@timestamp": "2023-01-24T10:38:48.987Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195161176Z", + "ingested": "2024-06-17T12:52:40.927998836Z", "kind": "event", "original": "2023-01-24 10:38:48.987714+00:00 [info] <0.229.0> Running boot step rabbit_osiris_metrics defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -99,13 +107,15 @@ { "@timestamp": "2023-01-24T10:38:48.987Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195162301Z", + "ingested": "2024-06-17T12:52:40.928001653Z", "kind": "event", "original": "2023-01-24 10:38:48.987809+00:00 [info] <0.229.0> Running boot step rabbit_core_metrics defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -123,13 +133,15 @@ { "@timestamp": "2023-01-24T10:38:48.988Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195163510Z", + "ingested": "2024-06-17T12:52:40.928004330Z", "kind": "event", "original": "2023-01-24 10:38:48.988086+00:00 [info] <0.229.0> Running boot step rabbit_alarm defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -147,13 +159,15 @@ { "@timestamp": "2023-01-24T10:38:48.992Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195164593Z", + "ingested": "2024-06-17T12:52:40.928007050Z", "kind": "event", "original": "2023-01-24 10:38:48.992459+00:00 [info] <0.299.0> Memory high watermark set to 3140 MiB (3293097164 bytes) of 7851 MiB (8232742912 bytes) total", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -171,13 +185,15 @@ { "@timestamp": "2023-01-24T10:38:48.997Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195165676Z", + "ingested": "2024-06-17T12:52:40.928009694Z", "kind": "event", "original": "2023-01-24 10:38:48.997524+00:00 [info] <0.301.0> Enabling free disk space monitoring (disk free space: 45286498304, total memory: 8232742912)", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -195,13 +211,15 @@ { "@timestamp": "2023-01-24T10:38:48.997Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195166801Z", + "ingested": "2024-06-17T12:52:40.928012468Z", "kind": "event", "original": "2023-01-24 10:38:48.997742+00:00 [info] <0.301.0> Disk free limit set to 50MB", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -219,13 +237,15 @@ { "@timestamp": "2023-01-24T10:38:49.001Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195168593Z", + "ingested": "2024-06-17T12:52:40.928015136Z", "kind": "event", "original": "2023-01-24 10:38:49.001012+00:00 [info] <0.229.0> Running boot step code_server_cache defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -243,13 +263,15 @@ { "@timestamp": "2023-01-24T10:38:49.001Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195169760Z", + "ingested": "2024-06-17T12:52:40.928017876Z", "kind": "event", "original": "2023-01-24 10:38:49.001076+00:00 [info] <0.229.0> Running boot step file_handle_cache defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -267,13 +289,15 @@ { "@timestamp": "2023-01-24T10:38:49.001Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195171010Z", + "ingested": "2024-06-17T12:52:40.928020916Z", "kind": "event", "original": "2023-01-24 10:38:49.001201+00:00 [info] <0.304.0> Limiting to approx 1048479 file handles (943629 sockets)", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -291,13 +315,15 @@ { "@timestamp": "2023-01-24T10:38:49.001Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195172093Z", + "ingested": "2024-06-17T12:52:40.928023646Z", "kind": "event", "original": "2023-01-24 10:38:49.001251+00:00 [info] <0.305.0> FHC read buffering: OFF", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -315,13 +341,15 @@ { "@timestamp": "2023-01-24T10:38:49.001Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195173218Z", + "ingested": "2024-06-17T12:52:40.928026300Z", "kind": "event", "original": "2023-01-24 10:38:49.001270+00:00 [info] <0.305.0> FHC write buffering: ON", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -339,13 +367,15 @@ { "@timestamp": "2023-01-24T10:38:49.002Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195174301Z", + "ingested": "2024-06-17T12:52:40.928029028Z", "kind": "event", "original": "2023-01-24 10:38:49.002188+00:00 [info] <0.229.0> Running boot step worker_pool defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -363,13 +393,15 @@ { "@timestamp": "2023-01-24T10:38:49.002Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195175385Z", + "ingested": "2024-06-17T12:52:40.928031710Z", "kind": "event", "original": "2023-01-24 10:38:49.002241+00:00 [info] <0.286.0> Will use 5 processes for default worker pool", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -387,13 +419,15 @@ { "@timestamp": "2023-01-24T10:38:49.002Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195176510Z", + "ingested": "2024-06-17T12:52:40.928034795Z", "kind": "event", "original": "2023-01-24 10:38:49.002287+00:00 [info] <0.286.0> Starting worker pool 'worker_pool' with 5 processes in it", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -411,13 +445,15 @@ { "@timestamp": "2023-01-24T10:38:49.002Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195177676Z", + "ingested": "2024-06-17T12:52:40.928037447Z", "kind": "event", "original": "2023-01-24 10:38:49.002531+00:00 [info] <0.229.0> Running boot step database defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -435,13 +471,15 @@ { "@timestamp": "2023-01-24T10:38:49.003Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195178801Z", + "ingested": "2024-06-17T12:52:40.928040170Z", "kind": "event", "original": "2023-01-24 10:38:49.003858+00:00 [info] <0.229.0> Node database directory at /var/lib/rabbitmq/mnesia/rabbit@af6809c8510d is empty. Assuming we need to join an existing cluster or initialise from scratch...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -459,13 +497,15 @@ { "@timestamp": "2023-01-24T10:38:49.003Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195179926Z", + "ingested": "2024-06-17T12:52:40.928045514Z", "kind": "event", "original": "2023-01-24 10:38:49.003915+00:00 [info] <0.229.0> Configured peer discovery backend: rabbit_peer_discovery_classic_config", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -483,13 +523,15 @@ { "@timestamp": "2023-01-24T10:38:49.003Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195181010Z", + "ingested": "2024-06-17T12:52:40.928048325Z", "kind": "event", "original": "2023-01-24 10:38:49.003932+00:00 [info] <0.229.0> Will try to lock with peer discovery backend rabbit_peer_discovery_classic_config", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -507,13 +549,15 @@ { "@timestamp": "2023-01-24T10:38:49.003Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195182135Z", + "ingested": "2024-06-17T12:52:40.928050970Z", "kind": "event", "original": "2023-01-24 10:38:49.003976+00:00 [info] <0.229.0> All discovered existing cluster peers:", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -531,13 +575,15 @@ { "@timestamp": "2023-01-24T10:38:49.003Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195183218Z", + "ingested": "2024-06-17T12:52:40.928053700Z", "kind": "event", "original": "2023-01-24 10:38:49.003989+00:00 [info] <0.229.0> Discovered no peer nodes to cluster with. Some discovery backends can filter nodes out based on a readiness criteria. Enabling debug logging might help troubleshoot.", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -555,13 +601,15 @@ { "@timestamp": "2023-01-24T10:38:49.005Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195184343Z", + "ingested": "2024-06-17T12:52:40.928056660Z", "kind": "event", "original": "2023-01-24 10:38:49.005308+00:00 [notice] <0.44.0> Application mnesia exited with reason: stopped", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" 
@@ -579,13 +627,15 @@ { "@timestamp": "2023-01-24T10:38:49.119Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195185426Z", + "ingested": "2024-06-17T12:52:40.928059461Z", "kind": "event", "original": "2023-01-24 10:38:49.119439+00:00 [info] <0.229.0> Waiting for Mnesia tables for 30000 ms, 9 retries left", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -603,13 +653,15 @@ { "@timestamp": "2023-01-24T10:38:49.119Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195186510Z", + "ingested": "2024-06-17T12:52:40.928062125Z", "kind": "event", "original": "2023-01-24 10:38:49.119725+00:00 [info] <0.229.0> Successfully synced tables from a peer", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -627,13 +679,15 @@ { "@timestamp": "2023-01-24T10:38:49.126Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195187593Z", + "ingested": "2024-06-17T12:52:40.928064884Z", "kind": "event", "original": "2023-01-24 10:38:49.126213+00:00 [info] <0.229.0> Feature flags: `feature_flags_v2`: supported, attempt to enable...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -651,13 +705,15 @@ { "@timestamp": "2023-01-24T10:38:49.147Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195188718Z", + "ingested": "2024-06-17T12:52:40.928067515Z", "kind": "event", "original": "2023-01-24 10:38:49.147034+00:00 [notice] <0.287.0> Feature flags: attempt to enable `classic_mirrored_queue_version`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" 
@@ -675,13 +731,15 @@ { "@timestamp": "2023-01-24T10:38:49.165Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195189801Z", + "ingested": "2024-06-17T12:52:40.928070281Z", "kind": "event", "original": "2023-01-24 10:38:49.165936+00:00 [notice] <0.287.0> Feature flags: `classic_mirrored_queue_version` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -699,13 +757,15 @@ { "@timestamp": "2023-01-24T10:38:49.166Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195190885Z", + "ingested": "2024-06-17T12:52:40.928072934Z", "kind": "event", "original": "2023-01-24 10:38:49.166232+00:00 [notice] <0.287.0> Feature flags: attempt to enable `classic_queue_type_delivery_support`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -723,13 +783,15 @@ { "@timestamp": "2023-01-24T10:38:49.177Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195191968Z", + "ingested": "2024-06-17T12:52:40.928075757Z", "kind": "event", "original": "2023-01-24 10:38:49.177853+00:00 [notice] <0.287.0> Feature flags: attempt to enable `stream_queue`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -747,13 +809,15 @@ { "@timestamp": "2023-01-24T10:38:49.198Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195196093Z", + "ingested": "2024-06-17T12:52:40.928078461Z", "kind": "event", "original": "2023-01-24 10:38:49.198546+00:00 [notice] <0.287.0> Feature flags: `stream_queue` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" 
@@ -771,13 +835,15 @@ { "@timestamp": "2023-01-24T10:38:49.209Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195197176Z", + "ingested": "2024-06-17T12:52:40.928081225Z", "kind": "event", "original": "2023-01-24 10:38:49.209504+00:00 [notice] <0.287.0> Feature flags: `classic_queue_type_delivery_support` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -795,13 +861,15 @@ { "@timestamp": "2023-01-24T10:38:49.209Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195198260Z", + "ingested": "2024-06-17T12:52:40.928083881Z", "kind": "event", "original": "2023-01-24 10:38:49.209837+00:00 [notice] <0.287.0> Feature flags: attempt to enable `direct_exchange_routing_v2`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -819,13 +887,15 @@ { "@timestamp": "2023-01-24T10:38:49.220Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195199426Z", + "ingested": "2024-06-17T12:52:40.928087045Z", "kind": "event", "original": "2023-01-24 10:38:49.220869+00:00 [info] <0.499.0> Waiting for Mnesia tables for 30000 ms, 9 retries left", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -843,13 +913,15 @@ { "@timestamp": "2023-01-24T10:38:49.220Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195200510Z", + "ingested": "2024-06-17T12:52:40.928089709Z", "kind": "event", "original": "2023-01-24 10:38:49.220981+00:00 [info] <0.499.0> Successfully synced tables from a peer", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -867,13 +939,15 @@ { "@timestamp": "2023-01-24T10:38:49.236Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195201635Z", + "ingested": "2024-06-17T12:52:40.928092465Z", "kind": "event", "original": "2023-01-24 10:38:49.236521+00:00 [notice] <0.287.0> Feature flags: `direct_exchange_routing_v2` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -891,13 +965,15 @@ { "@timestamp": "2023-01-24T10:38:49.236Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195202760Z", + "ingested": "2024-06-17T12:52:40.928095131Z", "kind": "event", "original": "2023-01-24 10:38:49.236958+00:00 [notice] <0.287.0> Feature flags: attempt to enable `drop_unroutable_metric`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -915,13 +991,15 @@ { "@timestamp": "2023-01-24T10:38:49.257Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195203843Z", + "ingested": "2024-06-17T12:52:40.928097881Z", "kind": "event", "original": "2023-01-24 10:38:49.257024+00:00 [notice] <0.287.0> Feature flags: `drop_unroutable_metric` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -939,13 +1017,15 @@ { "@timestamp": "2023-01-24T10:38:49.257Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195204968Z", + "ingested": "2024-06-17T12:52:40.928100509Z", "kind": "event", "original": "2023-01-24 10:38:49.257352+00:00 [notice] <0.287.0> Feature flags: attempt to enable `empty_basic_get_metric`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" 
@@ -963,13 +1043,15 @@ { "@timestamp": "2023-01-24T10:38:49.278Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195206010Z", + "ingested": "2024-06-17T12:52:40.928103251Z", "kind": "event", "original": "2023-01-24 10:38:49.278835+00:00 [notice] <0.287.0> Feature flags: `empty_basic_get_metric` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -987,13 +1069,15 @@ { "@timestamp": "2023-01-24T10:38:49.279Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195207093Z", + "ingested": "2024-06-17T12:52:40.928105909Z", "kind": "event", "original": "2023-01-24 10:38:49.279849+00:00 [notice] <0.287.0> Feature flags: attempt to enable `listener_records_in_ets`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -1011,13 +1095,15 @@ { "@timestamp": "2023-01-24T10:38:49.394Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195208176Z", + "ingested": "2024-06-17T12:52:40.928108651Z", "kind": "event", "original": "2023-01-24 10:38:49.394930+00:00 [notice] <0.287.0> Feature flags: `listener_records_in_ets` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -1035,13 +1121,15 @@ { "@timestamp": "2023-01-24T10:38:49.395Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195209260Z", + "ingested": "2024-06-17T12:52:40.928111288Z", "kind": "event", "original": "2023-01-24 10:38:49.395827+00:00 [notice] <0.287.0> Feature flags: attempt to enable `stream_single_active_consumer`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" 
@@ -1059,13 +1147,15 @@ { "@timestamp": "2023-01-24T10:38:49.412Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195210343Z", + "ingested": "2024-06-17T12:52:40.928114081Z", "kind": "event", "original": "2023-01-24 10:38:49.412055+00:00 [notice] <0.287.0> Feature flags: `stream_single_active_consumer` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -1083,13 +1173,15 @@ { "@timestamp": "2023-01-24T10:38:49.412Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195211426Z", + "ingested": "2024-06-17T12:52:40.928116726Z", "kind": "event", "original": "2023-01-24 10:38:49.412372+00:00 [notice] <0.287.0> Feature flags: attempt to enable `tracking_records_in_ets`...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -1107,13 +1199,15 @@ { "@timestamp": "2023-01-24T10:38:49.429Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195212593Z", + "ingested": "2024-06-17T12:52:40.928119446Z", "kind": "event", "original": "2023-01-24 10:38:49.429212+00:00 [notice] <0.287.0> Feature flags: `tracking_records_in_ets` enabled", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "notice" @@ -1131,13 +1225,15 @@ { "@timestamp": "2023-01-24T10:38:49.429Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195213676Z", + "ingested": "2024-06-17T12:52:40.928122096Z", "kind": "event", "original": "2023-01-24 10:38:49.429984+00:00 [info] <0.229.0> Waiting for Mnesia tables for 30000 ms, 9 retries left", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1155,13 +1251,15 @@ { "@timestamp": "2023-01-24T10:38:49.430Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195215801Z", + "ingested": "2024-06-17T12:52:40.928124845Z", "kind": "event", "original": "2023-01-24 10:38:49.430060+00:00 [info] <0.229.0> Successfully synced tables from a peer", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1179,13 +1277,15 @@ { "@timestamp": "2023-01-24T10:38:49.437Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195216968Z", + "ingested": "2024-06-17T12:52:40.928127510Z", "kind": "event", "original": "2023-01-24 10:38:49.437978+00:00 [info] <0.229.0> Waiting for Mnesia tables for 30000 ms, 9 retries left", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1203,13 +1303,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195218135Z", + "ingested": "2024-06-17T12:52:40.928130510Z", "kind": "event", "original": "2023-01-24 10:38:49.438072+00:00 [info] <0.229.0> Successfully synced tables from a peer", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1227,13 +1329,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195219260Z", + "ingested": "2024-06-17T12:52:40.928133165Z", "kind": "event", "original": "2023-01-24 10:38:49.438095+00:00 [info] <0.229.0> Peer discovery backend rabbit_peer_discovery_classic_config does not support registration, skipping registration.", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1251,13 +1355,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195220343Z", + "ingested": "2024-06-17T12:52:40.928135922Z", "kind": "event", "original": "2023-01-24 10:38:49.438118+00:00 [info] <0.229.0> Will try to unlock with peer discovery backend rabbit_peer_discovery_classic_config", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1275,13 +1381,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195221468Z", + "ingested": "2024-06-17T12:52:40.928138602Z", "kind": "event", "original": "2023-01-24 10:38:49.438156+00:00 [info] <0.229.0> Running boot step tracking_metadata_store defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1299,13 +1407,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195222551Z", + "ingested": "2024-06-17T12:52:40.928141356Z", "kind": "event", "original": "2023-01-24 10:38:49.438205+00:00 [info] <0.621.0> Setting up a table for connection tracking on this node: tracked_connection", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1323,13 +1433,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195223593Z", + "ingested": "2024-06-17T12:52:40.928144006Z", "kind": "event", "original": "2023-01-24 10:38:49.438234+00:00 [info] <0.621.0> Setting up a table for per-vhost connection counting on this node: tracked_connection_per_vhost", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1347,13 +1459,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195224676Z", + "ingested": "2024-06-17T12:52:40.928146776Z", "kind": "event", "original": "2023-01-24 10:38:49.438258+00:00 [info] <0.621.0> Setting up a table for per-user connection counting on this node: tracked_connection_per_user", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1371,13 +1485,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195225760Z", + "ingested": "2024-06-17T12:52:40.928149452Z", "kind": "event", "original": "2023-01-24 10:38:49.438277+00:00 [info] <0.621.0> Setting up a table for channel tracking on this node: tracked_channel", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1395,13 +1511,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195226843Z", + "ingested": "2024-06-17T12:52:40.928152192Z", "kind": "event", "original": "2023-01-24 10:38:49.438295+00:00 [info] <0.621.0> Setting up a table for channel tracking on this node: tracked_channel_per_user", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1419,13 +1537,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195227926Z", + "ingested": "2024-06-17T12:52:40.928154872Z", "kind": "event", "original": "2023-01-24 10:38:49.438329+00:00 [info] <0.229.0> Running boot step networking_metadata_store defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1443,13 +1563,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195228968Z", + "ingested": "2024-06-17T12:52:40.928157607Z", "kind": "event", "original": "2023-01-24 10:38:49.438388+00:00 [info] <0.229.0> Running boot step database_sync defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1467,13 +1589,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195230051Z", + "ingested": "2024-06-17T12:52:40.928160302Z", "kind": "event", "original": "2023-01-24 10:38:49.438478+00:00 [info] <0.229.0> Running boot step feature_flags defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1491,13 +1615,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195231176Z", + "ingested": "2024-06-17T12:52:40.928163067Z", "kind": "event", "original": "2023-01-24 10:38:49.438605+00:00 [info] <0.229.0> Running boot step codec_correctness_check defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1515,13 +1641,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195232468Z", + "ingested": "2024-06-17T12:52:40.928174586Z", "kind": "event", "original": "2023-01-24 10:38:49.438629+00:00 [info] <0.229.0> Running boot step external_infrastructure defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1539,13 +1667,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195233593Z", + "ingested": "2024-06-17T12:52:40.928177392Z", "kind": "event", "original": "2023-01-24 10:38:49.438647+00:00 [info] <0.229.0> Running boot step rabbit_event defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1563,13 +1693,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195234676Z", + "ingested": "2024-06-17T12:52:40.928180156Z", "kind": "event", "original": "2023-01-24 10:38:49.438692+00:00 [info] <0.229.0> Running boot step rabbit_registry defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1587,13 +1719,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195235760Z", + "ingested": "2024-06-17T12:52:40.928182933Z", "kind": "event", "original": "2023-01-24 10:38:49.438720+00:00 [info] <0.229.0> Running boot step rabbit_auth_mechanism_amqplain defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1611,13 +1745,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195236843Z", + "ingested": "2024-06-17T12:52:40.928185711Z", "kind": "event", "original": "2023-01-24 10:38:49.438745+00:00 [info] <0.229.0> Running boot step rabbit_auth_mechanism_cr_demo defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1635,13 +1771,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195237926Z", + "ingested": "2024-06-17T12:52:40.928192103Z", "kind": "event", "original": "2023-01-24 10:38:49.438772+00:00 [info] <0.229.0> Running boot step rabbit_auth_mechanism_plain defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1659,13 +1797,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195238968Z", + "ingested": "2024-06-17T12:52:40.928195111Z", "kind": "event", "original": "2023-01-24 10:38:49.438862+00:00 [info] <0.229.0> Running boot step rabbit_exchange_type_direct defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1683,13 +1823,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195240051Z", + "ingested": "2024-06-17T12:52:40.928197876Z", "kind": "event", "original": "2023-01-24 10:38:49.438903+00:00 [info] <0.229.0> Running boot step rabbit_exchange_type_fanout defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1707,13 +1849,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195241135Z", + "ingested": "2024-06-17T12:52:40.928200649Z", "kind": "event", "original": "2023-01-24 10:38:49.438931+00:00 [info] <0.229.0> Running boot step rabbit_exchange_type_headers defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1731,13 +1875,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195242218Z", + "ingested": "2024-06-17T12:52:40.928203457Z", "kind": "event", "original": "2023-01-24 10:38:49.438951+00:00 [info] <0.229.0> Running boot step rabbit_exchange_type_topic defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1755,13 +1901,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195243301Z", + "ingested": "2024-06-17T12:52:40.928206239Z", "kind": "event", "original": "2023-01-24 10:38:49.438968+00:00 [info] <0.229.0> Running boot step rabbit_mirror_queue_mode_all defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1779,13 +1927,15 @@ { "@timestamp": "2023-01-24T10:38:49.438Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195244426Z", + "ingested": "2024-06-17T12:52:40.928209399Z", "kind": "event", "original": "2023-01-24 10:38:49.438988+00:00 [info] <0.229.0> Running boot step rabbit_mirror_queue_mode_exactly defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1803,13 +1953,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195245510Z", + "ingested": "2024-06-17T12:52:40.928212167Z", "kind": "event", "original": "2023-01-24 10:38:49.439063+00:00 [info] <0.229.0> Running boot step rabbit_mirror_queue_mode_nodes defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1827,13 +1979,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195246635Z", + "ingested": "2024-06-17T12:52:40.928214951Z", "kind": "event", "original": "2023-01-24 10:38:49.439206+00:00 [info] <0.229.0> Running boot step rabbit_priority_queue defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1851,13 +2005,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195247718Z", + "ingested": "2024-06-17T12:52:40.928217727Z", "kind": "event", "original": "2023-01-24 10:38:49.439229+00:00 [info] <0.229.0> Priority queues enabled, real BQ is rabbit_variable_queue", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1875,13 +2031,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195248801Z", + "ingested": "2024-06-17T12:52:40.928220523Z", "kind": "event", "original": "2023-01-24 10:38:49.439270+00:00 [info] <0.229.0> Running boot step rabbit_queue_location_client_local defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1899,13 +2057,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195249926Z", + "ingested": "2024-06-17T12:52:40.928223477Z", "kind": "event", "original": "2023-01-24 10:38:49.439317+00:00 [info] <0.229.0> Running boot step rabbit_queue_location_min_masters defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -1923,13 +2083,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195251010Z", + "ingested": "2024-06-17T12:52:40.928226260Z", "kind": "event", "original": "2023-01-24 10:38:49.439371+00:00 [info] <0.229.0> Running boot step rabbit_queue_location_random defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1947,13 +2109,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195252093Z", + "ingested": "2024-06-17T12:52:40.928229031Z", "kind": "event", "original": "2023-01-24 10:38:49.439396+00:00 [info] <0.229.0> Running boot step kernel_ready defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1971,13 +2135,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195254176Z", + "ingested": "2024-06-17T12:52:40.928231800Z", "kind": "event", "original": "2023-01-24 10:38:49.439409+00:00 [info] <0.229.0> Running boot step rabbit_sysmon_minder defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -1995,13 +2161,15 @@ { "@timestamp": "2023-01-24T10:38:49.439Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195255301Z", + "ingested": "2024-06-17T12:52:40.928234598Z", "kind": "event", "original": "2023-01-24 10:38:49.439472+00:00 [info] <0.229.0> Running boot step rabbit_epmd_monitor defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2019,13 +2187,15 @@ { "@timestamp": "2023-01-24T10:38:49.440Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195256385Z", + "ingested": "2024-06-17T12:52:40.928237408Z", "kind": "event", "original": "2023-01-24 10:38:49.440338+00:00 [info] <0.630.0> epmd monitor knows us, inter-node communication (distribution) port: 25672", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2043,13 +2213,15 @@ { "@timestamp": "2023-01-24T10:38:49.440Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195257468Z", + "ingested": "2024-06-17T12:52:40.928240177Z", "kind": "event", "original": "2023-01-24 10:38:49.440435+00:00 [info] <0.229.0> Running boot step guid_generator defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2067,13 +2239,15 @@ { "@timestamp": "2023-01-24T10:38:49.442Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195258551Z", + "ingested": "2024-06-17T12:52:40.928242940Z", "kind": "event", "original": "2023-01-24 10:38:49.442470+00:00 [info] <0.229.0> Running boot step rabbit_node_monitor defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2091,13 +2265,15 @@ { "@timestamp": "2023-01-24T10:38:49.442Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195259635Z", + "ingested": "2024-06-17T12:52:40.928245712Z", "kind": "event", "original": "2023-01-24 10:38:49.442662+00:00 [info] <0.634.0> Starting rabbit_node_monitor", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2115,13 +2291,15 @@ { "@timestamp": "2023-01-24T10:38:49.442Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195260676Z", + "ingested": "2024-06-17T12:52:40.928248497Z", "kind": "event", "original": "2023-01-24 10:38:49.442771+00:00 [info] <0.229.0> Running boot step delegate_sup defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2139,13 +2317,15 @@ { "@timestamp": "2023-01-24T10:38:49.443Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195261760Z", + "ingested": "2024-06-17T12:52:40.928251264Z", "kind": "event", "original": "2023-01-24 10:38:49.443132+00:00 [info] <0.229.0> Running boot step rabbit_memory_monitor defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2163,13 +2343,15 @@ { "@timestamp": "2023-01-24T10:38:49.443Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195262843Z", + "ingested": "2024-06-17T12:52:40.928254087Z", "kind": "event", "original": "2023-01-24 10:38:49.443294+00:00 [info] <0.229.0> Running boot step rabbit_fifo_dlx_sup defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2187,13 +2369,15 @@ { "@timestamp": "2023-01-24T10:38:49.443Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195263926Z", + "ingested": "2024-06-17T12:52:40.928256874Z", "kind": "event", "original": "2023-01-24 10:38:49.443391+00:00 [info] <0.229.0> Running boot step core_initialized defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2211,13 +2395,15 @@ { "@timestamp": "2023-01-24T10:38:49.443Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195265010Z", + "ingested": "2024-06-17T12:52:40.928259654Z", "kind": "event", "original": "2023-01-24 10:38:49.443408+00:00 [info] <0.229.0> Running boot step upgrade_queues defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2235,13 +2421,15 @@ { "@timestamp": "2023-01-24T10:38:49.449Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195266093Z", + "ingested": "2024-06-17T12:52:40.928262424Z", "kind": "event", "original": "2023-01-24 10:38:49.449150+00:00 [info] <0.229.0> message_store upgrades: 1 to apply", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2259,13 +2447,15 @@ { "@timestamp": "2023-01-24T10:38:49.449Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195267176Z", + "ingested": "2024-06-17T12:52:40.928265192Z", "kind": "event", "original": "2023-01-24 10:38:49.449264+00:00 [info] <0.229.0> message_store upgrades: Applying rabbit_variable_queue:move_messages_to_vhost_store", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2283,13 +2473,15 @@ { "@timestamp": "2023-01-24T10:38:49.449Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195268218Z", + "ingested": "2024-06-17T12:52:40.928267958Z", "kind": "event", "original": "2023-01-24 10:38:49.449357+00:00 [info] <0.229.0> message_store upgrades: No durable queues found. Skipping message store migration", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2307,13 +2499,15 @@ { "@timestamp": "2023-01-24T10:38:49.449Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195269301Z", + "ingested": "2024-06-17T12:52:40.928270720Z", "kind": "event", "original": "2023-01-24 10:38:49.449397+00:00 [info] <0.229.0> message_store upgrades: Removing the old message store data", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2331,13 +2525,15 @@ { "@timestamp": "2023-01-24T10:38:49.450Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195270385Z", + "ingested": "2024-06-17T12:52:40.928273512Z", "kind": "event", "original": "2023-01-24 10:38:49.450369+00:00 [info] <0.229.0> message_store upgrades: All upgrades applied successfully", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2355,13 +2551,15 @@ { "@timestamp": "2023-01-24T10:38:49.455Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195271468Z", + "ingested": "2024-06-17T12:52:40.928276290Z", "kind": "event", "original": "2023-01-24 10:38:49.455431+00:00 [info] <0.229.0> Running boot step channel_tracking defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2379,13 +2577,15 @@ { "@timestamp": "2023-01-24T10:38:49.455Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195272551Z", + "ingested": "2024-06-17T12:52:40.928279080Z", "kind": "event", "original": "2023-01-24 10:38:49.455483+00:00 [info] <0.229.0> Running boot step rabbit_channel_tracking_handler defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2403,13 +2603,15 @@ { "@timestamp": "2023-01-24T10:38:49.455Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195273635Z", + "ingested": "2024-06-17T12:52:40.928281864Z", "kind": "event", "original": "2023-01-24 10:38:49.455582+00:00 [info] <0.229.0> Running boot step connection_tracking defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2427,13 +2629,15 @@ { "@timestamp": "2023-01-24T10:38:49.455Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195274676Z", + "ingested": "2024-06-17T12:52:40.928284634Z", "kind": "event", "original": "2023-01-24 10:38:49.455613+00:00 [info] <0.229.0> Running boot step rabbit_connection_tracking_handler defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2451,13 +2655,15 @@ { "@timestamp": "2023-01-24T10:38:49.455Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195275760Z", + "ingested": "2024-06-17T12:52:40.928287398Z", "kind": "event", "original": "2023-01-24 10:38:49.455630+00:00 [info] <0.229.0> Running boot step rabbit_definitions_hashing defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2475,13 +2681,15 @@ { "@timestamp": "2023-01-24T10:38:49.455Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195276843Z", + "ingested": "2024-06-17T12:52:40.928290178Z", "kind": "event", "original": "2023-01-24 10:38:49.455879+00:00 [info] <0.229.0> Running boot step rabbit_exchange_parameters defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2499,13 +2707,15 @@ { "@timestamp": "2023-01-24T10:38:49.456Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195277926Z", + "ingested": "2024-06-17T12:52:40.928293019Z", "kind": "event", "original": "2023-01-24 10:38:49.456053+00:00 [info] <0.229.0> Running boot step rabbit_mirror_queue_misc defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2523,13 +2733,15 @@ { "@timestamp": "2023-01-24T10:38:49.456Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195279010Z", + "ingested": "2024-06-17T12:52:40.928295809Z", "kind": "event", "original": "2023-01-24 10:38:49.456174+00:00 [info] <0.229.0> Running boot step rabbit_policies defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2547,13 +2759,15 @@ { "@timestamp": "2023-01-24T10:38:49.456Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195280093Z", + "ingested": "2024-06-17T12:52:40.928298581Z", "kind": "event", "original": "2023-01-24 10:38:49.456355+00:00 [info] <0.229.0> Running boot step rabbit_policy defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2571,13 +2785,15 @@ { "@timestamp": "2023-01-24T10:38:49.456Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195281176Z", + "ingested": "2024-06-17T12:52:40.928301359Z", "kind": "event", "original": "2023-01-24 10:38:49.456400+00:00 [info] <0.229.0> Running boot step rabbit_queue_location_validator defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2595,13 +2811,15 @@ { "@timestamp": "2023-01-24T10:38:49.456Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195282260Z", + "ingested": "2024-06-17T12:52:40.928304148Z", "kind": "event", "original": "2023-01-24 10:38:49.456427+00:00 [info] <0.229.0> Running boot step rabbit_quorum_memory_manager defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2619,13 +2837,15 @@ { "@timestamp": "2023-01-24T10:38:49.456Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195283343Z", + "ingested": "2024-06-17T12:52:40.928306941Z", "kind": "event", "original": "2023-01-24 10:38:49.456451+00:00 [info] <0.229.0> Running boot step rabbit_stream_coordinator defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2643,13 +2863,15 @@ { "@timestamp": "2023-01-24T10:38:49.456Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195284510Z", + "ingested": "2024-06-17T12:52:40.928310085Z", "kind": "event", "original": "2023-01-24 10:38:49.456914+00:00 [info] <0.229.0> Running boot step rabbit_vhost_limit defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2667,13 +2889,15 @@ { "@timestamp": "2023-01-24T10:38:49.457Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195285593Z", + "ingested": "2024-06-17T12:52:40.928312841Z", "kind": "event", "original": "2023-01-24 10:38:49.457013+00:00 [info] <0.229.0> Running boot step rabbit_mgmt_reset_handler defined by app rabbitmq_management", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2691,13 +2915,15 @@ { "@timestamp": "2023-01-24T10:38:49.457Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195286635Z", + "ingested": "2024-06-17T12:52:40.928315619Z", "kind": "event", "original": "2023-01-24 10:38:49.457042+00:00 [info] <0.229.0> Running boot step rabbit_mgmt_db_handler defined by app rabbitmq_management_agent", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2715,13 +2941,15 @@ { "@timestamp": "2023-01-24T10:38:49.457Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195287718Z", + "ingested": "2024-06-17T12:52:40.928318393Z", "kind": "event", "original": "2023-01-24 10:38:49.457064+00:00 [info] <0.229.0> Management plugin: using rates mode 'basic'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2739,13 +2967,15 @@ { "@timestamp": "2023-01-24T10:38:49.457Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195288801Z", + "ingested": "2024-06-17T12:52:40.928321165Z", "kind": "event", "original": "2023-01-24 10:38:49.457315+00:00 [info] <0.229.0> Running boot step recovery defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2763,13 +2993,15 @@ { "@timestamp": "2023-01-24T10:38:49.459Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195290260Z", + "ingested": "2024-06-17T12:52:40.928323953Z", "kind": "event", "original": "2023-01-24 10:38:49.459760+00:00 [info] <0.229.0> Running boot step empty_db_check defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2787,13 +3019,15 @@ { "@timestamp": "2023-01-24T10:38:49.459Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195291343Z", + "ingested": "2024-06-17T12:52:40.928326709Z", "kind": "event", "original": "2023-01-24 10:38:49.459815+00:00 [info] <0.229.0> Will seed default virtual host and user...", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2811,13 +3045,15 @@ { "@timestamp": "2023-01-24T10:38:49.459Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195292426Z", + "ingested": "2024-06-17T12:52:40.928329489Z", "kind": "event", "original": "2023-01-24 10:38:49.459877+00:00 [info] <0.229.0> Adding vhost '/' (description: 'Default virtual host', tags: [])", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2835,13 +3071,15 @@ { "@timestamp": "2023-01-24T10:38:49.462Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195293510Z", + "ingested": "2024-06-17T12:52:40.928333371Z", "kind": "event", "original": "2023-01-24 10:38:49.462284+00:00 [info] <0.229.0> Applying default limits to vhost '<<\"/\">>': []", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2859,13 +3097,15 @@ { "@timestamp": "2023-01-24T10:38:49.475Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195294593Z", + "ingested": "2024-06-17T12:52:40.928336219Z", "kind": "event", "original": "2023-01-24 10:38:49.475207+00:00 [info] <0.676.0> Making sure data directory '/var/lib/rabbitmq/mnesia/rabbit@af6809c8510d/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L' for vhost '/' exists", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2883,13 +3123,15 @@ { "@timestamp": "2023-01-24T10:38:49.477Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195295676Z", + "ingested": "2024-06-17T12:52:40.928338985Z", "kind": "event", "original": "2023-01-24 10:38:49.477540+00:00 [info] <0.676.0> Setting segment_entry_count for vhost '/' with 0 queues to '2048'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2907,13 +3149,15 @@ { "@timestamp": "2023-01-24T10:38:49.480Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195296760Z", + "ingested": "2024-06-17T12:52:40.928341760Z", "kind": "event", "original": "2023-01-24 10:38:49.480811+00:00 [info] <0.676.0> Starting message stores for vhost '/'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2931,13 +3175,15 @@ { "@timestamp": "2023-01-24T10:38:49.481Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195297843Z", + "ingested": "2024-06-17T12:52:40.928344513Z", "kind": "event", "original": "2023-01-24 10:38:49.481068+00:00 [info] <0.681.0> Message store \"628WB79CIFDYO9LJI6DKMI09L/msg_store_transient\": using rabbit_msg_store_ets_index to provide index", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -2955,13 +3201,15 @@ { "@timestamp": "2023-01-24T10:38:49.482Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195299135Z", + "ingested": "2024-06-17T12:52:40.928347269Z", "kind": "event", "original": "2023-01-24 10:38:49.482916+00:00 [info] <0.676.0> Started message store of type transient for vhost '/'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -2979,13 +3227,15 @@ { "@timestamp": "2023-01-24T10:38:49.483Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195300260Z", + "ingested": "2024-06-17T12:52:40.928350050Z", "kind": "event", "original": "2023-01-24 10:38:49.483023+00:00 [info] <0.685.0> Message store \"628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent\": using rabbit_msg_store_ets_index to provide index", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3003,13 +3253,15 @@ { "@timestamp": "2023-01-24T10:38:49.484Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195301343Z", + "ingested": "2024-06-17T12:52:40.928352840Z", "kind": "event", "original": "2023-01-24 10:38:49.484168+00:00 [warning] <0.685.0> Message store \"628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent\": rebuilding indices from scratch", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "warning" @@ -3027,13 +3279,15 @@ { "@timestamp": "2023-01-24T10:38:49.485Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195302426Z", + "ingested": "2024-06-17T12:52:40.928355619Z", "kind": "event", "original": "2023-01-24 10:38:49.485324+00:00 [info] <0.676.0> Started message store of type persistent for vhost '/'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3051,13 +3305,15 @@ { "@timestamp": "2023-01-24T10:38:49.485Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195324218Z", + "ingested": "2024-06-17T12:52:40.928358382Z", "kind": "event", "original": "2023-01-24 10:38:49.485389+00:00 [info] <0.676.0> Recovering 0 queues of type rabbit_classic_queue took 7ms", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3075,13 +3331,15 @@ { "@timestamp": "2023-01-24T10:38:49.485Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195325926Z", + "ingested": "2024-06-17T12:52:40.928361150Z", "kind": "event", "original": "2023-01-24 10:38:49.485419+00:00 [info] <0.676.0> Recovering 0 queues of type rabbit_quorum_queue took 0ms", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3099,13 +3357,15 @@ { "@timestamp": "2023-01-24T10:38:49.485Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195327051Z", + "ingested": "2024-06-17T12:52:40.928363914Z", "kind": "event", "original": "2023-01-24 10:38:49.485436+00:00 [info] <0.676.0> Recovering 0 queues of type rabbit_stream_queue took 0ms", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3123,13 +3383,15 @@ { "@timestamp": "2023-01-24T10:38:49.487Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195328135Z", + "ingested": "2024-06-17T12:52:40.928366706Z", "kind": "event", "original": "2023-01-24 10:38:49.487133+00:00 [info] <0.229.0> Created user 'guest'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3147,13 +3409,15 @@ { "@timestamp": "2023-01-24T10:38:49.488Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195329218Z", + "ingested": "2024-06-17T12:52:40.928369526Z", "kind": "event", "original": "2023-01-24 10:38:49.488641+00:00 [info] <0.229.0> Successfully set user tags for user 'guest' to [administrator]", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3171,13 +3435,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195330301Z", + "ingested": "2024-06-17T12:52:40.928372289Z", "kind": "event", "original": "2023-01-24 10:38:49.490051+00:00 [info] <0.229.0> Successfully set permissions for 'guest' in virtual host '/' to '.*', '.*', '.*'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3195,13 +3461,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195331468Z", + "ingested": "2024-06-17T12:52:40.928375076Z", "kind": "event", "original": "2023-01-24 10:38:49.490128+00:00 [info] <0.229.0> Running boot step rabbit_observer_cli defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3219,13 +3487,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195332551Z", + "ingested": "2024-06-17T12:52:40.928377879Z", "kind": "event", "original": "2023-01-24 10:38:49.490236+00:00 [info] <0.229.0> Running boot step rabbit_looking_glass defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3243,13 +3513,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195333635Z", + "ingested": "2024-06-17T12:52:40.928380646Z", "kind": "event", "original": "2023-01-24 10:38:49.490291+00:00 [info] <0.229.0> Running boot step rabbit_core_metrics_gc defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3267,13 +3539,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195334718Z", + "ingested": "2024-06-17T12:52:40.928383456Z", "kind": "event", "original": "2023-01-24 10:38:49.490360+00:00 [info] <0.229.0> Running boot step background_gc defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3291,13 +3565,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195369260Z", + "ingested": "2024-06-17T12:52:40.928386249Z", "kind": "event", "original": "2023-01-24 10:38:49.490413+00:00 [info] <0.229.0> Running boot step routing_ready defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3315,13 +3591,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195374343Z", + "ingested": "2024-06-17T12:52:40.928388994Z", "kind": "event", "original": "2023-01-24 10:38:49.490435+00:00 [info] <0.229.0> Running boot step pre_flight defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3339,13 +3617,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195375635Z", + "ingested": "2024-06-17T12:52:40.928391750Z", "kind": "event", "original": "2023-01-24 10:38:49.490446+00:00 [info] <0.229.0> Running boot step notify_cluster defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3363,13 +3643,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195377010Z", + "ingested": "2024-06-17T12:52:40.928394542Z", "kind": "event", "original": "2023-01-24 10:38:49.490460+00:00 [info] <0.229.0> Running boot step networking defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3387,13 +3669,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195378135Z", + "ingested": "2024-06-17T12:52:40.928397302Z", "kind": "event", "original": "2023-01-24 10:38:49.490477+00:00 [info] <0.229.0> Running boot step definition_import_worker_pool defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3411,13 +3695,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195379218Z", + "ingested": "2024-06-17T12:52:40.928400066Z", "kind": "event", "original": "2023-01-24 10:38:49.490500+00:00 [info] <0.286.0> Starting worker pool 'definition_import_pool' with 5 processes in it", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3435,13 +3721,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195380301Z", + "ingested": "2024-06-17T12:52:40.928402812Z", "kind": "event", "original": "2023-01-24 10:38:49.490717+00:00 [info] <0.229.0> Running boot step cluster_name defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3459,13 +3747,15 @@ { "@timestamp": "2023-01-24T10:38:49.490Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195381385Z", + "ingested": "2024-06-17T12:52:40.928405586Z", "kind": "event", "original": "2023-01-24 10:38:49.490758+00:00 [info] <0.229.0> Initialising internal cluster ID to 'rabbitmq-cluster-id-nZJPoEIR_-4jZYWewYYOZQ'", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3483,13 +3773,15 @@ { "@timestamp": "2023-01-24T10:38:49.492Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195382468Z", + "ingested": "2024-06-17T12:52:40.928408350Z", "kind": "event", "original": "2023-01-24 10:38:49.492308+00:00 [info] <0.229.0> Running boot step direct_client defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3507,13 +3799,15 @@ { "@timestamp": "2023-01-24T10:38:49.492Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195383551Z", + "ingested": "2024-06-17T12:52:40.928411234Z", "kind": "event", "original": "2023-01-24 10:38:49.492420+00:00 [info] <0.229.0> Running boot step rabbit_maintenance_mode_state defined by app rabbit", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3531,13 +3825,15 @@ { "@timestamp": "2023-01-24T10:38:49.492Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195384635Z", + "ingested": "2024-06-17T12:52:40.928414050Z", "kind": "event", "original": "2023-01-24 10:38:49.492454+00:00 [info] <0.229.0> Creating table rabbit_node_maintenance_states for maintenance mode status", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3555,13 +3851,15 @@ { "@timestamp": "2023-01-24T10:38:49.499Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195385760Z", + "ingested": "2024-06-17T12:52:40.928416836Z", "kind": "event", "original": "2023-01-24 10:38:49.499616+00:00 [info] <0.229.0> Running boot step rabbit_management_load_definitions defined by app rabbitmq_management", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3579,13 +3877,15 @@ { "@timestamp": "2023-01-24T10:38:49.499Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195386843Z", + "ingested": "2024-06-17T12:52:40.928419616Z", "kind": "event", "original": "2023-01-24 10:38:49.499816+00:00 [info] <0.723.0> Resetting node maintenance status", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3603,13 +3903,15 @@ { "@timestamp": "2023-01-24T10:38:49.519Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195388010Z", + "ingested": "2024-06-17T12:52:40.928422403Z", "kind": "event", "original": "2023-01-24 10:38:49.519074+00:00 [info] <0.782.0> Management plugin: HTTP (non-TLS) listener started on port 15672", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3627,13 +3929,15 @@ { "@timestamp": "2023-01-24T10:38:49.519Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195389093Z", + "ingested": "2024-06-17T12:52:40.928425195Z", "kind": "event", "original": "2023-01-24 10:38:49.519174+00:00 [info] <0.810.0> Statistics database started.", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3651,13 +3955,15 @@ { "@timestamp": "2023-01-24T10:38:49.519Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195390218Z", + "ingested": "2024-06-17T12:52:40.928427967Z", "kind": "event", "original": "2023-01-24 10:38:49.519212+00:00 [info] <0.809.0> Starting worker pool 'management_worker_pool' with 3 processes in it", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3675,13 +3981,15 @@ { "@timestamp": "2023-01-24T10:38:49.524Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195391301Z", + "ingested": "2024-06-17T12:52:40.928430737Z", "kind": "event", "original": "2023-01-24 10:38:49.524893+00:00 [info] <0.824.0> Prometheus metrics: HTTP (non-TLS) listener started on port 15692", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3699,13 +4007,15 @@ { "@timestamp": "2023-01-24T10:38:49.525Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195392760Z", + "ingested": "2024-06-17T12:52:40.928433503Z", "kind": "event", "original": "2023-01-24 10:38:49.525012+00:00 [info] <0.723.0> Ready to start client connection listeners", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" @@ -3723,13 +4033,15 @@ { "@timestamp": "2023-01-24T10:38:49.525Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195393926Z", + "ingested": "2024-06-17T12:52:40.928436267Z", "kind": "event", "original": "2023-01-24 10:38:49.525875+00:00 [info] <0.868.0> started TCP listener on [::]:5672\n completed with 4 plugins.", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" 
@@ -3747,13 +4059,15 @@ { "@timestamp": "2023-01-24T10:38:49.664Z", "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "ingested": "2023-10-15T19:55:31.195395135Z", + "ingested": "2024-06-17T12:52:40.928439087Z", "kind": "event", "original": "2023-01-24 10:38:49.664998+00:00 [info] <0.723.0> Server startup complete; 4 plugins started.\n* rabbitmq_prometheus\n* rabbitmq_management\n* rabbitmq_web_dispatch\n* rabbitmq_management_agent", - "type": "info" + "type": [ + "info" + ] }, "log": { "level": "info" diff --git a/packages/rabbitmq/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/rabbitmq/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 0921a5423943..c66db51b7176 100644 --- a/packages/rabbitmq/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/rabbitmq/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -6,13 +6,13 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.5.1' + value: '8.11.0' - set: field: event.kind value: event - set: field: event.type - value: info + value: ["info"] - rename: field: message target_field: event.original diff --git a/packages/rabbitmq/data_stream/log/fields/agent.yml b/packages/rabbitmq/data_stream/log/fields/agent.yml index da4e652c53b8..2bc58530bac7 100644 --- a/packages/rabbitmq/data_stream/log/fields/agent.yml +++ b/packages/rabbitmq/data_stream/log/fields/agent.yml 
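Review bot: The `set` processor for `event.type` in the `default.yml` hunk gives every RabbitMQ log line the static value `["info"]`, and the regenerated fixture shows no `event.category` inside `event`, so the ECS categorization fields cannot separate routine boot messages from account changes. The fixture hunks in this commit show the result: the `[warning]` line "rebuilding indices from scratch" (hunk at -3003) and the lines "Created user 'guest'" and "Successfully set user tags for user 'guest' to [administrator]" (hunks at -3123 and -3147) all come out as `"type": ["info"]`, leaving `log.level` and the raw message as the only fields a detection rule can key on. At minimum I would document this above the processor, e.g. `# event.type is static for all lines; severity is carried by log.level only`. The processors list continues outside the hunk, so a later override would not be visible here, although the fixture output suggests there is none.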
@@ -5,180 +5,15 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. 
- - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. 
- - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/rabbitmq/data_stream/log/fields/ecs.yml b/packages/rabbitmq/data_stream/log/fields/ecs.yml deleted file mode 100644 index a7e8a561a6f5..000000000000 
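Review bot: The removed `host.ip` entry was the only place in this file that declared the field as `type: ip`, so after this hunk its mapping depends entirely on the stack-provided ECS mappings (the commit's changelog refers to the ecs@mappings component template). The package manifest is not visible here, so confirm that its Kibana version constraint is raised to a release that ships that template. On an older stack `host.ip` would fall back to dynamic mapping, and CIDR or range queries against it would stop working as intended. The same applies to the `host.ip` removals in the node and queue `agent.yml` hunks below.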
--- a/packages/rabbitmq/data_stream/log/fields/ecs.yml +++ /dev/null @@ -1,10 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: log.level -- external: ecs - name: message -- external: ecs - name: tags diff --git a/packages/rabbitmq/data_stream/node/fields/agent.yml b/packages/rabbitmq/data_stream/node/fields/agent.yml index 334356372dbc..482fe3e31713 100644 --- a/packages/rabbitmq/data_stream/node/fields/agent.yml +++ b/packages/rabbitmq/data_stream/node/fields/agent.yml @@ -10,9 +10,7 @@ type: keyword dimension: true ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 - name: availability_zone level: extended @@ -28,17 +26,6 @@ description: Instance ID of the host machine. example: i-1234567890abcdef0 dimension: true - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - name: provider level: extended type: keyword 
@@ -53,18 +40,13 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. - name: container title: Container group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id 
@@ -73,119 +55,18 @@ ignore_above: 1024 description: Unique container id. dimension: true - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword ignore_above: 1024 dimension: true - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: containerized type: boolean description: 
> diff --git a/packages/rabbitmq/data_stream/node/fields/ecs.yml b/packages/rabbitmq/data_stream/node/fields/ecs.yml index 87da1aa62d82..4b73f809437d 100644 --- a/packages/rabbitmq/data_stream/node/fields/ecs.yml +++ b/packages/rabbitmq/data_stream/node/fields/ecs.yml @@ -1,7 +1,3 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type diff --git a/packages/rabbitmq/data_stream/queue/fields/agent.yml b/packages/rabbitmq/data_stream/queue/fields/agent.yml index 334356372dbc..482fe3e31713 100644 --- a/packages/rabbitmq/data_stream/queue/fields/agent.yml +++ b/packages/rabbitmq/data_stream/queue/fields/agent.yml @@ -10,9 +10,7 @@ type: keyword dimension: true ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 - name: availability_zone level: extended @@ -28,17 +26,6 @@ description: Instance ID of the host machine. example: i-1234567890abcdef0 dimension: true - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - name: provider level: extended type: keyword 
@@ -53,18 +40,13 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. - name: container title: Container group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' + description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id 
@@ -73,119 +55,18 @@ ignore_above: 1024 description: Unique container id. dimension: true - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword ignore_above: 1024 dimension: true - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' + description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: containerized type: boolean description: 
> diff --git a/packages/rabbitmq/data_stream/queue/fields/ecs.yml b/packages/rabbitmq/data_stream/queue/fields/ecs.yml index 87da1aa62d82..4b73f809437d 100644 --- a/packages/rabbitmq/data_stream/queue/fields/ecs.yml +++ b/packages/rabbitmq/data_stream/queue/fields/ecs.yml @@ -1,7 +1,3 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type diff --git a/packages/rabbitmq/data_stream/queue/sample_event.json b/packages/rabbitmq/data_stream/queue/sample_event.json index 2afe7824f75e..460b80e8c7c0 100644 --- a/packages/rabbitmq/data_stream/queue/sample_event.json +++ b/packages/rabbitmq/data_stream/queue/sample_event.json @@ -1,13 +1,31 @@ { "@timestamp": "2020-06-25T10:15:10.955Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "dataset": "rabbitmq.queue", + "duration": 5860529, + "module": "rabbitmq" + }, + "metricset": { + "name": "queue", + "period": 10000 + }, "rabbitmq": { "queue": { + "arguments": {}, "auto_delete": false, - "state": "running", + "consumers": { + "count": 0, + "utilisation": {} + }, "disk": { "reads": {}, "writes": {} }, + "durable": true, + "exclusive": false, "memory": { "bytes": 14000 }, @@ -15,17 +33,17 @@ "persistent": { "count": 0 }, - "total": { + "ready": { + "count": 0, "details": { "rate": 0 - }, - "count": 0 + } }, - "ready": { + "total": { + "count": 0, "details": { "rate": 0 - }, - "count": 0 + } }, "unacknowledged": { "count": 0, 
@@ -34,31 +52,13 @@ } } }, - "durable": true, - "arguments": {}, - "consumers": { - "utilisation": {}, - "count": 0 - }, "name": "NameofQueue1", - "exclusive": false + "state": "running" }, "vhost": "/" }, - "event": { - "dataset": "rabbitmq.queue", - "module": "rabbitmq", - "duration": 5860529 - }, - "metricset": { - "name": "queue", - "period": 10000 - }, "service": { - "type": "rabbitmq", - "address": "localhost:15672" - }, - "ecs": { - "version": "8.5.1" + "address": "localhost:15672", + "type": "rabbitmq" } -} \ No newline at end of file +} diff --git a/packages/rabbitmq/docs/README.md b/packages/rabbitmq/docs/README.md index 58a17d3999ac..91b19d27ed21 100644 --- a/packages/rabbitmq/docs/README.md +++ b/packages/rabbitmq/docs/README.md 
@@ -21,52 +21,25 @@ The application logs dataset parses single file format introduced in 3.7.0. Application logs collects standard RabbitMQ logs. It will only support RabbitMQ default i.e RFC 3339 timestamp format. +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | |---|---|---| | @timestamp | Event timestamp. | date | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.availability_zone | Availability zone in which this host is running. | keyword | | cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | Name of the project in Google Cloud. | keyword | -| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. 
When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error.message | Error message. | match_only_text | | event.dataset | Event dataset | constant_keyword | | event.module | Event module | constant_keyword | -| host.architecture | Operating system architecture. | keyword | | host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip addresses. | ip | -| host.mac | Host mac addresses. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. 
If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | rabbitmq.log.pid | The Erlang process id | keyword | -| tags | List of keywords used to tag each event. | keyword | ## Metrics @@ -78,8 +51,19 @@ An example event for `connection` looks as following: ```json { "@timestamp": "2020-06-25T10:16:10.138Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "dataset": "rabbitmq.connection", + "duration": 374411, + "module": "rabbitmq" + }, + "metricset": { + "name": "connection", + "period": 10000 + }, "rabbitmq": { - "vhost": "/", "connection": { "channel_max": 65535, "channels": 2, @@ -88,7 +72,7 @@ An example event for `connection` looks as following: }, "frame_max": 131072, "host": "::1", - "name": "[::1]:31153 -\u003e [::1]:5672", + "name": "[::1]:31153 -> [::1]:5672", "octet_count": { "received": 5834, "sent": 5834 
@@ -105,69 +89,43 @@ An example event for `connection` looks as following: "port": 5672, "state": "running", "type": "network" - } - }, - "event": { - "duration": 374411, - "dataset": "rabbitmq.connection", - "module": "rabbitmq" - }, - "metricset": { - "name": "connection", - "period": 10000 + }, + "vhost": "/" }, "service": { "address": "localhost:15672", "type": "rabbitmq" - }, - "ecs": { - "version": "8.5.1" } } + ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | | agent.id | | keyword | | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.instance.name | Instance name of the host machine. | keyword | | -| cloud.machine.type | Machine type of the host machine. | keyword | | -| cloud.project.id | Name of the project in Google Cloud. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host is running. | keyword | | | container.id | Unique container id. | keyword | | -| container.image.name | Name of the image the container was built on. | keyword | | -| container.labels | Image labels. 
| object | | -| container.name | Container name. | keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.architecture | Operating system architecture. | keyword | | | host.containerized | If the host is a container. | boolean | | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.mac | Host mac addresses. | keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | host.os.build | OS build information. | keyword | | | host.os.codename | OS codename, if any. 
| keyword | | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | | -| host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. | text | | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | -| host.os.version | Operating system version as a raw string. | keyword | | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | | rabbitmq.connection.channel_max | The maximum number of channels allowed on the connection. | long | counter | | rabbitmq.connection.channels | The number of channels on the connection. | long | gauge | | rabbitmq.connection.client_provided.name | User specified connection name. | keyword | | 
@@ -186,10 +144,6 @@ An example event for `connection` looks as following: | rabbitmq.connection.type | Type of the connection. | keyword | | | rabbitmq.vhost | Virtual host name with non-ASCII characters escaped as in C. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | -| user | The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. | group | | -| user.name | Short name or login of the user. | keyword | | -| user.name.text | Multi-field of `user.name`. | match_only_text | | ### Exchange Metrics 
@@ -199,80 +153,65 @@ An example event for `exchange` looks as following: ```json { "@timestamp": "2020-06-25T10:04:20.944Z", - "rabbitmq": { - "vhost": "/", - "exchange": { - "arguments": {}, - "durable": true, - "auto_delete": false, - "name": "", - "internal": false - } + "ecs": { + "version": "8.11.0" }, "event": { - "duration": 4078507, "dataset": "rabbitmq.exchange", + "duration": 4078507, "module": "rabbitmq" }, "metricset": { "name": "exchange", "period": 10000 }, - "user": { - "name": "rmq-internal" + "rabbitmq": { + "exchange": { + "arguments": {}, + "auto_delete": false, + "durable": true, + "internal": false, + "name": "" + }, + "vhost": "/" }, "service": { "address": "localhost:15672", "type": "rabbitmq" }, - "ecs": { - "version": "8.5.1" + "user": { + "name": "rmq-internal" } } + ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | | agent.id | | keyword | | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.instance.name | Instance name of the host machine. | keyword | | -| cloud.machine.type | Machine type of the host machine. 
| keyword | | -| cloud.project.id | Name of the project in Google Cloud. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host is running. | keyword | | | container.id | Unique container id. | keyword | | -| container.image.name | Name of the image the container was built on. | keyword | | -| container.labels | Image labels. | object | | -| container.name | Container name. | keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.architecture | Operating system architecture. | keyword | | | host.containerized | If the host is a container. | boolean | | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.mac | Host mac addresses. | keyword | | -| host.name | Name of the host. 
It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | host.os.build | OS build information. | keyword | | | host.os.codename | OS codename, if any. | keyword | | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | | -| host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. | text | | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | -| host.os.version | Operating system version as a raw string. | keyword | | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | | rabbitmq.exchange.auto_delete | Whether the queue will be deleted automatically when no longer used. | boolean | | | rabbitmq.exchange.durable | Whether or not the queue survives server restarts. | boolean | | | rabbitmq.exchange.internal | Whether the exchange is internal, i.e. cannot be directly published to by a client. | boolean | | 
@@ -283,10 +222,6 @@ An example event for `exchange` looks as following: | rabbitmq.exchange.name | The name of the queue with non-ASCII characters escaped as in C. | keyword | | | rabbitmq.vhost | Virtual host name with non-ASCII characters escaped as in C. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | -| user | The user fields describe information about the user that is relevant to the event. Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. | group | | -| user.name | Short name or login of the user. | keyword | | -| user.name.text | Multi-field of `user.name`. | match_only_text | | ### Node Metrics 
@@ -434,48 +369,32 @@ An example event for `node` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | | agent.id | | keyword | | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.instance.name | Instance name of the host machine. | keyword | | -| cloud.machine.type | Machine type of the host machine. | keyword | | -| cloud.project.id | Name of the project in Google Cloud. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host is running. | keyword | | | container.id | Unique container id. | keyword | | -| container.image.name | Name of the image the container was built on. | keyword | | -| container.labels | Image labels. | object | | -| container.name | Container name. | keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. 
`ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.architecture | Operating system architecture. | keyword | | | host.containerized | If the host is a container. | boolean | | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.mac | Host mac addresses. | keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | host.os.build | OS build information. | keyword | | | host.os.codename | OS codename, if any. | keyword | | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | | -| host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. 
| text | | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | -| host.os.version | Operating system version as a raw string. | keyword | | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | | rabbitmq.node.disk.free.bytes | Disk free space in bytes. | long | gauge | | rabbitmq.node.disk.free.limit.bytes | Point at which the disk alarm will go off. | long | gauge | | rabbitmq.node.fd.total | File descriptors available. | long | gauge | @@ -515,7 +434,6 @@ An example event for `node` looks as following: | rabbitmq.node.uptime | Node uptime. | long | gauge | | rabbitmq.vhost | Virtual host name with non-ASCII characters escaped as in C. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | ### Queue Metrics @@ -525,14 +443,32 @@ An example event for `queue` looks as following: ```json { "@timestamp": "2020-06-25T10:15:10.955Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "dataset": "rabbitmq.queue", + "duration": 5860529, + "module": "rabbitmq" + }, + "metricset": { + "name": "queue", + "period": 10000 + }, "rabbitmq": { "queue": { + "arguments": {}, "auto_delete": false, - "state": "running", + "consumers": { + "count": 0, + "utilisation": {} + }, "disk": { "reads": {}, "writes": {} }, + "durable": true, + "exclusive": false, "memory": { "bytes": 14000 }, 
@@ -540,17 +476,17 @@ An example event for `queue` looks as following: "persistent": { "count": 0 }, - "total": { + "ready": { + "count": 0, "details": { "rate": 0 - }, - "count": 0 + } }, - "ready": { + "total": { + "count": 0, "details": { "rate": 0 - }, - "count": 0 + } }, "unacknowledged": { "count": 0, 
@@ -559,78 +495,45 @@ An example event for `queue` looks as following: } } }, - "durable": true, - "arguments": {}, - "consumers": { - "utilisation": {}, - "count": 0 - }, "name": "NameofQueue1", - "exclusive": false + "state": "running" }, "vhost": "/" }, - "event": { - "dataset": "rabbitmq.queue", - "module": "rabbitmq", - "duration": 5860529 - }, - "metricset": { - "name": "queue", - "period": 10000 - }, "service": { - "type": "rabbitmq", - "address": "localhost:15672" - }, - "ecs": { - "version": "8.5.1" + "address": "localhost:15672", + "type": "rabbitmq" } } + ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | | agent.id | | keyword | | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | cloud.instance.id | Instance ID of the host machine. | keyword | | -| cloud.instance.name | Instance name of the host machine. | keyword | | -| cloud.machine.type | Machine type of the host machine. | keyword | | -| cloud.project.id | Name of the project in Google Cloud. | keyword | | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | | cloud.region | Region in which this host is running. 
| keyword | | | container.id | Unique container id. | keyword | | -| container.image.name | Name of the image the container was built on. | keyword | | -| container.labels | Image labels. | object | | -| container.name | Container name. | keyword | | | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.architecture | Operating system architecture. | keyword | | | host.containerized | If the host is a container. | boolean | | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | -| host.ip | Host ip addresses. | ip | | -| host.mac | Host mac addresses. | keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. 
The sender decides which value to use. | keyword | | | host.os.build | OS build information. | keyword | | | host.os.codename | OS codename, if any. | keyword | | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | | -| host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. | text | | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | -| host.os.version | Operating system version as a raw string. | keyword | | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | | rabbitmq.queue.arguments.max_priority | Maximum number of priority levels for the queue to support. | long | gauge | | rabbitmq.queue.auto_delete | Whether the queue will be deleted automatically when no longer used. | boolean | | | rabbitmq.queue.consumers.count | Number of consumers. | long | gauge | 
@@ -651,4 +554,3 @@ An example event for `queue` looks as following: | rabbitmq.queue.state | The state of the queue. Normally 'running', but may be `"\{syncing, MsgCount\}"` if the queue is synchronising. Queues which are located on cluster nodes that are currently down will be shown with a status of 'down'. | keyword | | | rabbitmq.vhost | Virtual host name with non-ASCII characters escaped as in C. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | diff --git a/packages/rabbitmq/manifest.yml b/packages/rabbitmq/manifest.yml index 31b63eca77ec..f0a4754b0963 100644 --- a/packages/rabbitmq/manifest.yml +++ b/packages/rabbitmq/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: rabbitmq title: RabbitMQ Logs and Metrics -version: "1.14.0" +version: "1.15.0" description: Collect and parse logs from RabbitMQ servers with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.12.0" + version: "^8.13.0" elastic: subscription: basic screenshots: diff --git a/packages/spring_boot/_dev/build/build.yml b/packages/spring_boot/_dev/build/build.yml index aaafc5d833b6..2bfcfc223b04 100644 --- a/packages/spring_boot/_dev/build/build.yml +++ b/packages/spring_boot/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.5.1 + reference: "git@v8.11.0" diff --git a/packages/spring_boot/_dev/build/docs/README.md b/packages/spring_boot/_dev/build/docs/README.md index 5e4e26df65ce..499636a2d1ef 100644 --- a/packages/spring_boot/_dev/build/docs/README.md 
+++ b/packages/spring_boot/_dev/build/docs/README.md @@ -80,6 +80,10 @@ This is the `audit_events` data stream. {{event "audit_events"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "audit_events"}} ### HTTP Trace logs @@ -90,6 +94,10 @@ This is the `http_trace` data stream. {{event "http_trace"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "http_trace"}} ## Metrics @@ -102,6 +110,10 @@ This is the `memory` data stream. {{event "memory"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "memory"}} ### Threading Metrics @@ -112,6 +124,10 @@ This is the `threading` data stream. {{event "threading"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "threading"}} ### GC Metrics @@ -122,4 +138,8 @@ This is the `gc` data stream. {{event "gc"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "gc"}} diff --git a/packages/spring_boot/changelog.yml b/packages/spring_boot/changelog.yml index 8bad1240deec..4b5861cb14b3 100644 --- a/packages/spring_boot/changelog.yml +++ b/packages/spring_boot/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "1.5.0" changes: - description: Add global filter on data_stream.dataset to improve performance. diff --git a/packages/spring_boot/data_stream/audit_events/_dev/test/pipeline/test-auditevent-metrics.log-expected.json b/packages/spring_boot/data_stream/audit_events/_dev/test/pipeline/test-auditevent-metrics.log-expected.json index bc293d4df6ae..85957a13d285 100644 --- a/packages/spring_boot/data_stream/audit_events/_dev/test/pipeline/test-auditevent-metrics.log-expected.json +++ b/packages/spring_boot/data_stream/audit_events/_dev/test/pipeline/test-auditevent-metrics.log-expected.json @@ -2,10 +2,12 @@ "expected": [ { "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "category": "web", + "category": [ + "web" + ], "dataset": "spring_boot.audit_events", "kind": "event", "module": "spring_boot", diff --git a/packages/spring_boot/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/spring_boot/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml index 31169afd173c..98a1ebda5f51 100644 --- a/packages/spring_boot/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml +++ b/packages/spring_boot/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Audit Events logs processors: - set: field: ecs.version - value: "8.5.1" + value: "8.11.0" - rename: field: message target_field: event.original @@ -33,7 +33,7 @@ processors: value: event - set: field: event.category - value: web + value: [web] - rename: field: json.principal target_field: spring_boot.audit_events.principal 
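Review bot: In the second hunk of `audit_events/elasticsearch/ingest_pipeline/default.yml` (`@@ -33,7 +33,7 @@`), `event.category` becomes an array but `web` is still its only value for the audit-events stream. If these documents carry login success and failure records, which the `json.principal` rename just below suggests but the hunk does not show, detections and dashboards that filter on `event.category: authentication` will not match them. Consider `value: [web, authentication]`, or set the category conditionally from the audit event type. The processor list starts and continues outside the hunk, so a later processor may already cover this; worth confirming before merge.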
diff --git a/packages/spring_boot/data_stream/audit_events/fields/ecs.yml b/packages/spring_boot/data_stream/audit_events/fields/ecs.yml deleted file mode 100644 index 79f5820df09c..000000000000 --- a/packages/spring_boot/data_stream/audit_events/fields/ecs.yml +++ /dev/null @@ -1,14 +0,0 @@ -- external: ecs - name: event.dataset -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: event.type -- external: ecs - name: host.ip -- external: ecs - name: tags -- external: ecs - name: ecs.version diff --git a/packages/spring_boot/data_stream/audit_events/sample_event.json b/packages/spring_boot/data_stream/audit_events/sample_event.json index 7b11b2fbc021..4afcece9ad2b 100644 --- a/packages/spring_boot/data_stream/audit_events/sample_event.json +++ b/packages/spring_boot/data_stream/audit_events/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-08-05T09:30:10.644Z", + "@timestamp": "2024-06-18T07:15:52.565Z", "agent": { - "ephemeral_id": "575ffec5-bd74-4689-8baa-8486735193f3", - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "ephemeral_id": "5026de47-56bf-4ed7-996b-c574a7c0d140", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.audit_events", @@ -13,19 +13,21 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", - "category": "web", - "created": "2022-08-05T09:30:10.644Z", + "category": [ + "web" + ], + "created": "2024-06-18T07:15:52.565Z", "dataset": "spring_boot.audit_events", - "ingested": "2022-08-05T09:30:14Z", + "ingested": "2024-06-18T07:16:04Z", "kind": "event", "module": "spring_boot", "type": [ 
@@ -36,17 +38,18 @@ "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.112.5" + "192.168.245.7" ], "mac": [ - "02:42:c0:a8:70:05" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.71.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", diff --git a/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-concurrency-generation-metrics.json-expected.json b/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-concurrency-generation-metrics.json-expected.json index 4a6ce439f239..5ac5ee916427 100644 --- a/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-concurrency-generation-metrics.json-expected.json +++ b/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-concurrency-generation-metrics.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ diff --git a/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-young-generation-metrics.json-expected.json b/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-young-generation-metrics.json-expected.json index b1e54205114a..d48751ab17fe 100644 --- a/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-young-generation-metrics.json-expected.json +++ b/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-g1-young-generation-metrics.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ diff --git a/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-ps-marksweep-metrics.json-expected.json b/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-ps-marksweep-metrics.json-expected.json index bfe0a6871707..ef8dd4e74072 100644 
--- a/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-ps-marksweep-metrics.json-expected.json +++ b/packages/spring_boot/data_stream/gc/_dev/test/pipeline/test-gc-ps-marksweep-metrics.json-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { "category": [ diff --git a/packages/spring_boot/data_stream/gc/elasticsearch/ingest_pipeline/default.yml b/packages/spring_boot/data_stream/gc/elasticsearch/ingest_pipeline/default.yml index 3100ff8637f0..2ce2ebd827d0 100644 --- a/packages/spring_boot/data_stream/gc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/spring_boot/data_stream/gc/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Spring Boot Garbage Collector (GC) metrics. processors: - set: field: ecs.version - value: "8.5.1" + value: "8.11.0" - set: field: event.type value: [info] diff --git a/packages/spring_boot/data_stream/gc/fields/ecs.yml b/packages/spring_boot/data_stream/gc/fields/ecs.yml deleted file mode 100644 index 6e6770100a46..000000000000 --- a/packages/spring_boot/data_stream/gc/fields/ecs.yml +++ /dev/null @@ -1,26 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.category -- external: ecs - name: event.dataset -- external: ecs - name: event.duration -- external: ecs - name: event.ingested -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: event.type -- external: ecs - name: host.ip -- external: ecs - name: service.address -- external: ecs - name: service.type -- external: ecs - name: tags diff --git a/packages/spring_boot/data_stream/gc/sample_event.json b/packages/spring_boot/data_stream/gc/sample_event.json index 53b3975fb961..71c957ba6d5c 100644 --- a/packages/spring_boot/data_stream/gc/sample_event.json +++ b/packages/spring_boot/data_stream/gc/sample_event.json 
@@ -1,11 +1,11 @@ { - "@timestamp": "2023-09-28T13:07:07.602Z", + "@timestamp": "2024-06-18T07:16:52.674Z", "agent": { - "ephemeral_id": "dcb46246-ff32-4d0e-89ce-d72ce374bb33", - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "ephemeral_id": "bfe8ee26-f9e4-4990-8790-7fbc2a8c075e", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.5.1" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.gc", @@ -13,12 +13,12 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.5.1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", @@ -26,8 +26,8 @@ "web" ], "dataset": "spring_boot.gc", - "duration": 221408484, - "ingested": "2023-09-28T13:07:08Z", + "duration": 347472291, + "ingested": "2024-06-18T07:17:04Z", "kind": "metric", "module": "spring_boot", "type": [ @@ -38,22 +38,22 @@ "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "75e38940166b4dbc90b6f5610e8e9c39", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.246.7" + "192.168.245.7" ], "mac": [ - "02-42-C0-A8-F6-07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.5 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -67,44 +67,44 @@ "spring_boot": { "gc": { "last_info": { - "id": 2, + "id": 6, "memory_usage": { "after": { "code_cache": { "committed": 14286848, "init": 2555904, "max": 251658240, - "used": 14209088 + "used": 14213056 }, "compressed_class_space": { "committed": 4980736, "init": 0, "max": 1073741824, - "used": 4436328 + "used": 4443120 }, "metaspace": { "committed": 36265984, "init": 0, "max": -1, - "used": 33758840 + "used": 33775552 }, "ps_eden_space": { - "committed": 435683328, + "committed": 457703424, "init": 65536000, - "max": 1354760192, + "max": 1354235904, "used": 0 }, "ps_old_gen": { - "committed": 118489088, + "committed": 90177536, "init": 173539328, "max": 2774007808, - "used": 14683728 + "used": 10597560 }, "ps_survivor_space": { "committed": 16777216, "init": 10485760, "max": 16777216, - "used": 0 + "used": 8605776 } }, "before": { @@ -112,48 +112,48 @@ "committed": 14286848, "init": 2555904, "max": 251658240, - "used": 14209088 + "used": 14213056 }, "compressed_class_space": { "committed": 4980736, "init": 0, "max": 1073741824, - "used": 4436328 + "used": 4443120 }, "metaspace": { "committed": 36265984, "init": 0, "max": -1, - "used": 33758840 + "used": 33775552 }, "ps_eden_space": { - "committed": 435683328, + "committed": 262144000, "init": 65536000, - "max": 1354760192, - "used": 0 + "max": 1359478784, + "used": 10469928 }, "ps_old_gen": { - "committed": 94896128, + "committed": 90177536, "init": 173539328, "max": 2774007808, - "used": 10795056 + "used": 10589368 }, "ps_survivor_space": { - "committed": 16777216, + "committed": 10485760, "init": 10485760, - "max": 16777216, - "used": 8519744 + "max": 10485760, + "used": 10453056 } } }, "thread_count": 10, "time": { - "duration": 40, - "end": 3588, - "start": 3548 + "duration": 8, + "end": 3406, + "start": 3398 } }, - "name": "PS MarkSweep" + "name": "PS Scavenge" } }, "tags": [ 
diff --git a/packages/spring_boot/data_stream/http_trace/_dev/test/pipeline/test-httptrace-metrics.log-expected.json b/packages/spring_boot/data_stream/http_trace/_dev/test/pipeline/test-httptrace-metrics.log-expected.json index 4bcf31174f3e..e57796af3617 100644 --- a/packages/spring_boot/data_stream/http_trace/_dev/test/pipeline/test-httptrace-metrics.log-expected.json +++ b/packages/spring_boot/data_stream/http_trace/_dev/test/pipeline/test-httptrace-metrics.log-expected.json @@ -2,10 +2,12 @@ "expected": [ { "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "event": { - "category": "web", + "category": [ + "web" + ], "dataset": "spring_boot.http_trace", "duration": 1, "kind": "event", diff --git a/packages/spring_boot/data_stream/http_trace/elasticsearch/ingest_pipeline/default.yml b/packages/spring_boot/data_stream/http_trace/elasticsearch/ingest_pipeline/default.yml index 492101e8a4ff..45acd444640a 100644 --- a/packages/spring_boot/data_stream/http_trace/elasticsearch/ingest_pipeline/default.yml +++ b/packages/spring_boot/data_stream/http_trace/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing http_trace logs processors: - set: field: ecs.version - value: "8.5.1" + value: "8.11.0" - rename: field: message target_field: event.original @@ -27,7 +27,7 @@ processors: value: event - set: field: event.category - value: web + value: [web] - set: field: event.dataset value: spring_boot.http_trace diff --git a/packages/spring_boot/data_stream/http_trace/fields/ecs.yml b/packages/spring_boot/data_stream/http_trace/fields/ecs.yml deleted file mode 100644 index f54a59e79aa1..000000000000 --- a/packages/spring_boot/data_stream/http_trace/fields/ecs.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -- external: ecs - name: event.dataset -- external: ecs - name: event.duration -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: event.type -- external: ecs - name: ecs.version -- external: ecs - name: host.ip -- external: ecs - name: http.request.method -- external: ecs - name: http.request.referrer -- external: ecs - name: http.response.status_code -- external: ecs - name: tags diff --git a/packages/spring_boot/data_stream/http_trace/sample_event.json b/packages/spring_boot/data_stream/http_trace/sample_event.json index 7161e8ef7008..b65eedc90bad 100644 --- a/packages/spring_boot/data_stream/http_trace/sample_event.json +++ b/packages/spring_boot/data_stream/http_trace/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-08-05T09:31:44.895Z", + "@timestamp": "2024-06-18T07:17:49.933Z", "agent": { - "ephemeral_id": "d55155ad-e1c4-4c29-a809-1d8b7b539e39", - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "ephemeral_id": "f957703f-c55c-49bb-81d4-ec742b088158", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.http_trace", @@ -13,20 +13,22 @@ "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", - "category": "web", - "created": "2022-08-05T09:31:44.895Z", + "category": [ + "web" + ], + "created": "2024-06-18T07:17:49.933Z", "dataset": "spring_boot.http_trace", - "duration": 2, - "ingested": "2022-08-05T09:31:48Z", + "duration": 3, + "ingested": "2024-06-18T07:18:01Z", "kind": "event", "module": "spring_boot", "type": [ 
@@ -37,27 +39,28 @@ "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.112.5" + "{0=192.168.245.7}" ], "mac": [ - "02:42:c0:a8:70:05" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.71.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.4 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "http": { "request": { "method": "GET", - "referrer": "http://springboot:8090/actuator/info" + "referrer": "http://springboot:8090/actuator/health" }, "response": { "status_code": 200 diff --git a/packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml b/packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml index ca5e833f1a7b..e5d44286000f 100644 --- a/packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml +++ b/packages/spring_boot/data_stream/memory/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Spring Boot Memory metrics. processors: - set: field: ecs.version - value: "8.5.1" + value: "8.11.0" - rename: field: jolokia.metrics target_field: spring_boot.memory @@ -11,7 +11,7 @@ processors: ignore_failure: true - set: field: event.type - value: info + value: [info] - set: field: event.kind value: metric diff --git a/packages/spring_boot/data_stream/memory/fields/ecs.yml b/packages/spring_boot/data_stream/memory/fields/ecs.yml deleted file mode 100644 index 49d913a6a3cd..000000000000 --- a/packages/spring_boot/data_stream/memory/fields/ecs.yml +++ /dev/null 
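Review bot: The regenerated `host.ip` entry in `packages/spring_boot/data_stream/http_trace/sample_event.json` is `"{0=192.168.245.7}"`, which is a stringified map rather than an IP address; the gc, memory and threading samples captured from the same agent show plain `"192.168.245.7"`. The field table removed from the README in this commit lists `host.ip` as type `ip`, so a value like this would presumably either be rejected at index time or, if it is stored as a string, fall out of any host-based correlation or detection that filters on the address. It looks as if something on the http_trace path turns the address list into a map before it is serialised, though the step responsible is not visible in this diff; that should be traced and the sample regenerated so the entry reads `"192.168.245.7"`. The same value is copied into the `http_trace` example in `packages/spring_boot/docs/README.md`.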
@@ -1,20 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.category -- external: ecs - name: event.dataset -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: host.ip -- external: ecs - name: service.address -- external: ecs - name: service.type -- external: ecs - name: tags diff --git a/packages/spring_boot/data_stream/memory/sample_event.json b/packages/spring_boot/data_stream/memory/sample_event.json index e84579d2bc1a..f908d4216c4d 100644 --- a/packages/spring_boot/data_stream/memory/sample_event.json +++ b/packages/spring_boot/data_stream/memory/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2023-09-28T13:08:46.636Z", + "@timestamp": "2024-06-18T07:18:47.122Z", "agent": { - "ephemeral_id": "f6ab2af3-153b-4970-99c9-a9c564407b18", - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "ephemeral_id": "2972904f-375b-4b83-9de9-e0c36d85d5de", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.5.1" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.memory", @@ -13,12 +13,12 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.5.1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", 
@@ -26,32 +26,34 @@ "web" ], "dataset": "spring_boot.memory", - "duration": 566740708, - "ingested": "2023-09-28T13:08:48Z", + "duration": 672110556, + "ingested": "2024-06-18T07:18:59Z", "kind": "metric", "module": "spring_boot", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "75e38940166b4dbc90b6f5610e8e9c39", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.246.7" + "192.168.245.7" ], "mac": [ - "02-42-C0-A8-F6-07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.5 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -65,16 +67,16 @@ "spring_boot": { "memory": { "heap": { - "committed": 579338240, + "committed": 587202560, "init": 260046848, "max": 3698851840, - "used": 172880800 + "used": 158654888 }, "non_heap": { - "committed": 62873600, + "committed": 63504384, "init": 2555904, "max": -1, - "used": 56856368 + "used": 58973664 } } }, diff --git a/packages/spring_boot/data_stream/threading/elasticsearch/ingest_pipeline/default.yml b/packages/spring_boot/data_stream/threading/elasticsearch/ingest_pipeline/default.yml index e7ba984be88e..408b10580dc9 100644 --- a/packages/spring_boot/data_stream/threading/elasticsearch/ingest_pipeline/default.yml +++ b/packages/spring_boot/data_stream/threading/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Spring Boot Threading metrics. processors: - set: field: ecs.version - value: "8.5.1" + value: "8.11.0" - rename: field: jolokia.metrics target_field: spring_boot.threading @@ -11,7 +11,7 @@ processors: ignore_failure: true - set: field: event.type - value: info + value: [info] - set: field: event.kind value: metric 
diff --git a/packages/spring_boot/data_stream/threading/fields/ecs.yml b/packages/spring_boot/data_stream/threading/fields/ecs.yml deleted file mode 100644 index 49d913a6a3cd..000000000000 --- a/packages/spring_boot/data_stream/threading/fields/ecs.yml +++ /dev/null @@ -1,20 +0,0 @@ -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.category -- external: ecs - name: event.dataset -- external: ecs - name: event.kind -- external: ecs - name: event.module -- external: ecs - name: host.ip -- external: ecs - name: service.address -- external: ecs - name: service.type -- external: ecs - name: tags diff --git a/packages/spring_boot/data_stream/threading/sample_event.json b/packages/spring_boot/data_stream/threading/sample_event.json index a13b36a5b369..961b64520fea 100644 --- a/packages/spring_boot/data_stream/threading/sample_event.json +++ b/packages/spring_boot/data_stream/threading/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2023-09-28T13:09:36.850Z", + "@timestamp": "2024-06-18T07:19:44.017Z", "agent": { - "ephemeral_id": "f6ab2af3-153b-4970-99c9-a9c564407b18", - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "ephemeral_id": "9e0f783a-f02b-4fc0-90c9-2d264b73e4bc", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.5.1" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.threading", @@ -13,12 +13,12 @@ "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.5.1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", 
@@ -26,32 +26,34 @@ "web" ], "dataset": "spring_boot.threading", - "duration": 197157690, - "ingested": "2023-09-28T13:09:38Z", + "duration": 301437518, + "ingested": "2024-06-18T07:19:55Z", "kind": "metric", "module": "spring_boot", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "75e38940166b4dbc90b6f5610e8e9c39", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.246.7" + "192.168.245.7" ], "mac": [ - "02-42-C0-A8-F6-07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.5 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -67,10 +69,10 @@ "threads": { "count": 20, "current": { - "allocated_bytes": 28523936, + "allocated_bytes": 29755720, "time": { - "cpu": 380757629, - "user": 370000000 + "cpu": 293039690, + "user": 280000000 } }, "daemon": 16, diff --git a/packages/spring_boot/docs/README.md b/packages/spring_boot/docs/README.md index 0bd32cf577f7..482aead6df40 100644 --- a/packages/spring_boot/docs/README.md +++ b/packages/spring_boot/docs/README.md @@ -82,13 +82,13 @@ An example event for `audit_events` looks as following: ```json { - "@timestamp": "2022-08-05T09:30:10.644Z", + "@timestamp": "2024-06-18T07:15:52.565Z", "agent": { - "ephemeral_id": "575ffec5-bd74-4689-8baa-8486735193f3", - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "ephemeral_id": "5026de47-56bf-4ed7-996b-c574a7c0d140", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.audit_events", 
@@ -96,19 +96,21 @@ An example event for `audit_events` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", - "category": "web", - "created": "2022-08-05T09:30:10.644Z", + "category": [ + "web" + ], + "created": "2024-06-18T07:15:52.565Z", "dataset": "spring_boot.audit_events", - "ingested": "2022-08-05T09:30:14Z", + "ingested": "2024-06-18T07:16:04Z", "kind": "event", "module": "spring_boot", "type": [ @@ -119,17 +121,18 @@ An example event for `audit_events` looks as following: "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.112.5" + "192.168.245.7" ], "mac": [ - "02:42:c0:a8:70:05" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.71.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", @@ -152,6 +155,10 @@ An example event for `audit_events` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -160,18 +167,11 @@ An example event for `audit_events` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. 
`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | -| host.ip | Host ip addresses. | ip | | spring_boot.audit_events.data.remote_address | Remote Address of the Spring Boot application user. | keyword | | spring_boot.audit_events.data.session_id | Session ID of the Spring Boot application user. | keyword | | spring_boot.audit_events.document_id | Unique document id generated by Elasticsearch. | keyword | | spring_boot.audit_events.principal | Restricts the events to those with the given principal. | keyword | | spring_boot.audit_events.type | Authentication type. | keyword | -| tags | List of keywords used to tag each event. | keyword | ### HTTP Trace logs @@ -184,13 +184,13 @@ An example event for `http_trace` looks as following: ```json { - "@timestamp": "2022-08-05T09:31:44.895Z", + "@timestamp": "2024-06-18T07:17:49.933Z", "agent": { - "ephemeral_id": "d55155ad-e1c4-4c29-a809-1d8b7b539e39", - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "ephemeral_id": "f957703f-c55c-49bb-81d4-ec742b088158", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.1.0" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.http_trace", 
@@ -198,20 +198,22 @@ An example event for `http_trace` looks as following: "type": "logs" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "3ab22ca1-4caf-465f-8789-2a45a81ed9b1", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.1.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", - "category": "web", - "created": "2022-08-05T09:31:44.895Z", + "category": [ + "web" + ], + "created": "2024-06-18T07:17:49.933Z", "dataset": "spring_boot.http_trace", - "duration": 2, - "ingested": "2022-08-05T09:31:48Z", + "duration": 3, + "ingested": "2024-06-18T07:18:01Z", "kind": "event", "module": "spring_boot", "type": [ @@ -222,27 +224,28 @@ An example event for `http_trace` looks as following: "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.112.5" + "{0=192.168.245.7}" ], "mac": [ - "02:42:c0:a8:70:05" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.71.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.4 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "http": { "request": { "method": "GET", - "referrer": "http://springboot:8090/actuator/info" + "referrer": "http://springboot:8090/actuator/health" }, "response": { "status_code": 200 @@ -254,6 +257,10 @@ An example event for `http_trace` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -262,19 +269,8 @@ An example event for `http_trace` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | -| event.duration | Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time. | long | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. 
| keyword | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | -| host.ip | Host ip addresses. | ip | -| http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | -| http.request.referrer | Referrer for this HTTP request. | keyword | -| http.response.status_code | HTTP response status code. | long | | spring_boot.http_trace.principal | Principal of the exchange. | keyword | | spring_boot.http_trace.session | Session associated with the exchange. | keyword | -| tags | List of keywords used to tag each event. | keyword | ## Metrics @@ -289,13 +285,13 @@ An example event for `memory` looks as following: ```json { - "@timestamp": "2023-09-28T13:08:46.636Z", + "@timestamp": "2024-06-18T07:18:47.122Z", "agent": { - "ephemeral_id": "f6ab2af3-153b-4970-99c9-a9c564407b18", - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "ephemeral_id": "2972904f-375b-4b83-9de9-e0c36d85d5de", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.5.1" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.memory", @@ -303,12 +299,12 @@ An example event for `memory` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.5.1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", 
@@ -316,32 +312,34 @@ An example event for `memory` looks as following: "web" ], "dataset": "spring_boot.memory", - "duration": 566740708, - "ingested": "2023-09-28T13:08:48Z", + "duration": 672110556, + "ingested": "2024-06-18T07:18:59Z", "kind": "metric", "module": "spring_boot", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "75e38940166b4dbc90b6f5610e8e9c39", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.246.7" + "192.168.245.7" ], "mac": [ - "02-42-C0-A8-F6-07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.5 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -355,16 +353,16 @@ An example event for `memory` looks as following: "spring_boot": { "memory": { "heap": { - "committed": 579338240, + "committed": 587202560, "init": 260046848, "max": 3698851840, - "used": 172880800 + "used": 158654888 }, "non_heap": { - "committed": 62873600, + "committed": 63504384, "init": 2555904, "max": -1, - "used": 56856368 + "used": 58973664 } } }, @@ -374,6 +372,10 @@ An example event for `memory` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -382,15 +384,6 @@ An example event for `memory` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error.message | Error message. | match_only_text | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. 
They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | -| host.ip | Host ip addresses. | ip | -| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | spring_boot.memory.buffer_pool.direct.count | Count of direct buffer pool memory. | long | | spring_boot.memory.buffer_pool.direct.total_capacity | Total capacity of direct buffer pool memory. | long | | spring_boot.memory.buffer_pool.direct.used | Used memory of direct buffer pool. | long | @@ -409,7 +402,6 @@ An example event for `memory` looks as following: | spring_boot.memory.non_heap.init | Init non-heap memory usage of JVM. | long | | spring_boot.memory.non_heap.max | Max non-heap memory usage of JVM. | long | | spring_boot.memory.non_heap.used | Used non-heap memory usage of JVM. | long | -| tags | List of keywords used to tag each event. | keyword | ### Threading Metrics 
@@ -422,13 +414,13 @@ An example event for `threading` looks as following: ```json { - "@timestamp": "2023-09-28T13:09:36.850Z", + "@timestamp": "2024-06-18T07:19:44.017Z", "agent": { - "ephemeral_id": "f6ab2af3-153b-4970-99c9-a9c564407b18", - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "ephemeral_id": "9e0f783a-f02b-4fc0-90c9-2d264b73e4bc", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.5.1" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.threading", @@ -436,12 +428,12 @@ An example event for `threading` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.5.1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", @@ -449,32 +441,34 @@ An example event for `threading` looks as following: "web" ], "dataset": "spring_boot.threading", - "duration": 197157690, - "ingested": "2023-09-28T13:09:38Z", + "duration": 301437518, + "ingested": "2024-06-18T07:19:55Z", "kind": "metric", "module": "spring_boot", - "type": "info" + "type": [ + "info" + ] }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "75e38940166b4dbc90b6f5610e8e9c39", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.246.7" + "192.168.245.7" ], "mac": [ - "02-42-C0-A8-F6-07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.5 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -490,10 +484,10 @@ An example event for `threading` looks as following: "threads": { "count": 20, "current": { - "allocated_bytes": 28523936, + "allocated_bytes": 29755720, "time": { - "cpu": 380757629, - "user": 370000000 + "cpu": 293039690, + "user": 280000000 } }, "daemon": 16, @@ -507,6 +501,10 @@ An example event for `threading` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | 
@@ -515,22 +513,12 @@ An example event for `threading` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error.message | Error message. | match_only_text | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. 
They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | -| host.ip | Host ip addresses. | ip | -| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | spring_boot.threading.threads.count | Current number of live threads including both daemon and non-daemon threads. | long | | spring_boot.threading.threads.current.allocated_bytes | Allocated bytes for the current thread. | double | | spring_boot.threading.threads.current.time.cpu | CPU time for the current thread in nanoseconds. | long | | spring_boot.threading.threads.current.time.user | User time for the current thread. | long | | spring_boot.threading.threads.daemon | Current number of live daemon threads. | long | | spring_boot.threading.threads.started | Total number of threads created and also started since the Java virtual machine started. | long | -| tags | List of keywords used to tag each event. | keyword | ### GC Metrics 
@@ -543,13 +531,13 @@ An example event for `gc` looks as following: ```json { - "@timestamp": "2023-09-28T13:07:07.602Z", + "@timestamp": "2024-06-18T07:16:52.674Z", "agent": { - "ephemeral_id": "dcb46246-ff32-4d0e-89ce-d72ce374bb33", - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "ephemeral_id": "bfe8ee26-f9e4-4990-8790-7fbc2a8c075e", + "id": "97400795-188c-4140-a1ee-0002078c785d", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.5.1" + "version": "8.13.0" }, "data_stream": { "dataset": "spring_boot.gc", @@ -557,12 +545,12 @@ An example event for `gc` looks as following: "type": "metrics" }, "ecs": { - "version": "8.5.1" + "version": "8.11.0" }, "elastic_agent": { - "id": "9a3f2233-d554-4847-9b74-1465e769563d", + "id": "97400795-188c-4140-a1ee-0002078c785d", "snapshot": false, - "version": "8.5.1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", @@ -570,8 +558,8 @@ An example event for `gc` looks as following: "web" ], "dataset": "spring_boot.gc", - "duration": 221408484, - "ingested": "2023-09-28T13:07:08Z", + "duration": 347472291, + "ingested": "2024-06-18T07:17:04Z", "kind": "metric", "module": "spring_boot", "type": [ @@ -582,22 +570,22 @@ An example event for `gc` looks as following: "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "75e38940166b4dbc90b6f5610e8e9c39", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "192.168.246.7" + "192.168.245.7" ], "mac": [ - "02-42-C0-A8-F6-07" + "02-42-C0-A8-F5-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.90.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", - "version": "20.04.5 LTS (Focal Fossa)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -611,44 +599,44 @@ An example event for `gc` looks as following: "spring_boot": { "gc": { "last_info": { - "id": 2, + "id": 6, "memory_usage": { "after": { "code_cache": { "committed": 14286848, "init": 2555904, "max": 251658240, - "used": 14209088 + "used": 14213056 }, "compressed_class_space": { "committed": 4980736, "init": 0, "max": 1073741824, - "used": 4436328 + "used": 4443120 }, "metaspace": { "committed": 36265984, "init": 0, "max": -1, - "used": 33758840 + "used": 33775552 }, "ps_eden_space": { - "committed": 435683328, + "committed": 457703424, "init": 65536000, - "max": 1354760192, + "max": 1354235904, "used": 0 }, "ps_old_gen": { - "committed": 118489088, + "committed": 90177536, "init": 173539328, "max": 2774007808, - "used": 14683728 + "used": 10597560 }, "ps_survivor_space": { "committed": 16777216, "init": 10485760, "max": 16777216, - "used": 0 + "used": 8605776 } }, "before": { @@ -656,48 +644,48 @@ An example event for `gc` looks as following: "committed": 14286848, "init": 2555904, "max": 251658240, - "used": 14209088 + "used": 14213056 }, "compressed_class_space": { "committed": 4980736, "init": 0, "max": 1073741824, - "used": 4436328 + "used": 4443120 }, "metaspace": { "committed": 36265984, "init": 0, "max": -1, - "used": 33758840 + "used": 33775552 }, "ps_eden_space": { - "committed": 435683328, + "committed": 262144000, "init": 65536000, - "max": 1354760192, - "used": 0 + "max": 1359478784, + "used": 10469928 }, "ps_old_gen": { - "committed": 94896128, + "committed": 90177536, "init": 173539328, "max": 2774007808, - "used": 10795056 + "used": 10589368 }, "ps_survivor_space": { - "committed": 16777216, + "committed": 10485760, "init": 10485760, - "max": 16777216, - "used": 8519744 + "max": 10485760, + "used": 10453056 } } }, "thread_count": 10, "time": { - "duration": 40, - "end": 3588, - "start": 3548 + "duration": 8, + "end": 3406, + "start": 3398 } }, - "name": "PS MarkSweep" + "name": "PS Scavenge" } }, "tags": [ 
@@ -706,6 +694,10 @@ An example event for `gc` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Unit | 
@@ -714,18 +706,6 @@ An example event for `gc` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | -| error.message | Error message. | match_only_text | | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | | -| event.duration | Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time. | long | | -| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. 
In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date | | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | -| host.ip | Host ip addresses. | ip | | -| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. 
| keyword | | | spring_boot.gc.last_info.id | ID of the GC. | long | | | spring_boot.gc.last_info.memory_usage.after.code_cache.committed | Committed memory of the code cache memory pool after GC started. | long | byte | | spring_boot.gc.last_info.memory_usage.after.code_cache.init | Init memory of the code cache memory pool after GC started. | long | byte | @@ -804,5 +784,4 @@ An example event for `gc` looks as following: | spring_boot.gc.last_info.time.end | End time of the GC. | long | ms | | spring_boot.gc.last_info.time.start | Start time of the GC. | long | ms | | spring_boot.gc.name | Name of the GC. | keyword | | -| tags | List of keywords used to tag each event. | keyword | | diff --git a/packages/spring_boot/manifest.yml b/packages/spring_boot/manifest.yml index f675951334a6..4c31d713f3aa 100644 --- a/packages/spring_boot/manifest.yml +++ b/packages/spring_boot/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: spring_boot title: Spring Boot -version: "1.5.0" +version: "1.6.0" description: This Elastic integration collects logs and metrics from Spring Boot integration. type: integration categories: @@ -9,7 +9,7 @@ categories: - java_observability conditions: kibana: - version: ^8.12.0 + version: "^8.13.0" elastic: subscription: basic screenshots: diff --git a/packages/sql_input/_dev/build/build.yml b/packages/sql_input/_dev/build/build.yml index 2c10980d4b03..2bfcfc223b04 100644 --- a/packages/sql_input/_dev/build/build.yml +++ b/packages/sql_input/_dev/build/build.yml @@ -1,4 +1,3 @@ dependencies: ecs: - reference: git@v8.7.0 - + reference: "git@v8.11.0" diff --git a/packages/sql_input/changelog.yml b/packages/sql_input/changelog.yml index 9658baa95309..ff8efce820fc 100644 --- a/packages/sql_input/changelog.yml +++ b/packages/sql_input/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "0.4.0" changes: - description: Add `condition` and `processors` settings. diff --git a/packages/sql_input/fields/base-fields.yml b/packages/sql_input/fields/base-fields.yml index e3577347f731..14017be5fb29 100644 --- a/packages/sql_input/fields/base-fields.yml +++ b/packages/sql_input/fields/base-fields.yml @@ -6,7 +6,3 @@ external: ecs - name: '@timestamp' external: ecs -- name: service.address - external: ecs -- name: service.type - external: ecs diff --git a/packages/sql_input/fields/ecs.yml b/packages/sql_input/fields/ecs.yml deleted file mode 100644 index f99c50be49de..000000000000 --- a/packages/sql_input/fields/ecs.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: ecs.version - external: ecs diff --git a/packages/sql_input/manifest.yml b/packages/sql_input/manifest.yml index 77ab8e3dd109..4bfccb3c7256 100644 --- a/packages/sql_input/manifest.yml +++ b/packages/sql_input/manifest.yml @@ -1,13 +1,14 @@ format_version: 2.0.0 name: sql title: "SQL Input" -version: "0.4.0" +version: "0.5.0" description: "Collects Metrics by Quering on SQL Databases" type: input categories: - custom conditions: - kibana.version: "^8.8.0" + kibana: + version: "^8.13.0" elastic.subscription: "basic" icons: - src: /img/sql-server-icon.svg diff --git a/packages/sql_input/sample_event.json b/packages/sql_input/sample_event.json index 5c3ed80b9773..b5f8d2e5f6a9 100644 --- a/packages/sql_input/sample_event.json +++ b/packages/sql_input/sample_event.json 
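Review bot: In the `packages/sql_input/manifest.yml` hunk, `conditions` now mixes two key styles: the new nested `kibana:` / `version: "^8.13.0"` mapping sits next to the dotted `elastic.subscription: "basic"` key that was left unchanged. The spring_boot manifest touched in this same change nests both conditions, so for consistency this one should read `elastic:` followed by an indented `subscription: "basic"`. Mixing dotted and nested keys under one mapping is easy to misread, and whether every consumer of the manifest treats the two forms as equivalent is not visible from this hunk.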
@@ -1,11 +1,11 @@ { - "@timestamp": "2023-06-09T08:27:42.884Z", + "@timestamp": "2024-06-19T06:12:25.260Z", "agent": { - "ephemeral_id": "41f4ec9a-4eea-437e-8bdb-136403df2324", - "id": "8080f7a9-0dbb-42ee-9580-790170265fa8", + "ephemeral_id": "44822e54-f658-4e8b-9d6d-781be5601775", + "id": "88cd20f7-39fa-4cc4-9840-becd737943a6", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.8.0" + "version": "8.13.0" }, "data_stream": { "dataset": "sql.sql", @@ -16,33 +16,33 @@ "version": "8.0.0" }, "elastic_agent": { - "id": "8080f7a9-0dbb-42ee-9580-790170265fa8", + "id": "88cd20f7-39fa-4cc4-9840-becd737943a6", "snapshot": false, - "version": "8.8.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "sql.sql", - "duration": 18846913, - "ingested": "2023-06-09T08:27:46Z", + "duration": 14117416, + "ingested": "2024-06-19T06:12:37Z", "module": "sql" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "e8978f2086c14e13b7a0af9ed0011d19", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.18.0.6" + "192.168.253.7" ], "mac": [ - "02-42-AC-12-00-06" + "02-42-C0-A8-FD-07" ], "name": "docker-fleet-agent", "os": { "codename": "focal", "family": "debian", - "kernel": "3.10.0-1160.88.1.el7.x86_64", + "kernel": "3.10.0-1160.102.1.el7.x86_64", "name": "Ubuntu", "platform": "ubuntu", "type": "linux", 
@@ -54,21 +54,37 @@ "period": 10000 }, "service": { - "address": "elastic-package-service_sql_input_1:3306", + "address": "elastic-package-service-sql_input_postgresql-1:5432", "type": "sql" }, "sql": { - "driver": "mysql", + "driver": "postgres", "metrics": { - "delayed_insert_threads": 0, - "mysqlx_worker_threads": 2, - "mysqlx_worker_threads_active": 0, - "slow_launch_threads": 0, - "threads_cached": 0, - "threads_connected": 1, - "threads_created": 1, - "threads_running": 2 + "active_time": 0, + "blk_read_time": 0, + "blk_write_time": 0, + "blks_hit": 453, + "blks_read": 87, + "conflicts": 0, + "datid": 0, + "deadlocks": 0, + "idle_in_transaction_time": 0, + "numbackends": 0, + "session_time": 0, + "sessions": 0, + "sessions_abandoned": 0, + "sessions_fatal": 0, + "sessions_killed": 0, + "temp_bytes": 0, + "temp_files": 0, + "tup_deleted": 0, + "tup_fetched": 50, + "tup_inserted": 24, + "tup_returned": 127, + "tup_updated": 5, + "xact_commit": 4, + "xact_rollback": 0 }, - "query": "SHOW STATUS LIKE '%Threads%'" + "query": "SELECT * FROM pg_stat_database;" } } \ No newline at end of file diff --git a/packages/stan/_dev/build/build.yml b/packages/stan/_dev/build/build.yml index 47cbed9fed86..2bfcfc223b04 100644 --- a/packages/stan/_dev/build/build.yml +++ b/packages/stan/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.0.0 + reference: "git@v8.11.0" diff --git a/packages/stan/_dev/build/docs/README.md b/packages/stan/_dev/build/docs/README.md index 3a0e4afba260..4db709be1fd4 100644 --- a/packages/stan/_dev/build/docs/README.md +++ b/packages/stan/_dev/build/docs/README.md @@ -16,6 +16,10 @@ The `log` dataset collects the STAN logs. {{event "log"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "log"}} ## Metrics 
@@ -29,6 +33,10 @@ metrics from a STAN instance. {{event "stats"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "stats"}} ### channels @@ -38,6 +46,10 @@ metrics about channels from a STAN instance. {{event "channels"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "channels"}} ### subscriptions @@ -47,4 +59,8 @@ metrics about subscriptions from a STAN instance. {{event "subscriptions"}} +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + {{fields "subscriptions"}} \ No newline at end of file diff --git a/packages/stan/changelog.yml b/packages/stan/changelog.yml index 29206491da8a..062abcce7086 100644 --- a/packages/stan/changelog.yml +++ b/packages/stan/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "1.6.0" changes: - description: Add global filter on data_stream.dataset to improve performance. diff --git a/packages/stan/data_stream/channels/fields/ecs.yml b/packages/stan/data_stream/channels/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/stan/data_stream/channels/fields/ecs.yml +++ b/packages/stan/data_stream/channels/fields/ecs.yml 
@@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/stan/data_stream/channels/sample_event.json b/packages/stan/data_stream/channels/sample_event.json index 6ac84237f7b0..9d8410e02792 100644 --- a/packages/stan/data_stream/channels/sample_event.json +++ b/packages/stan/data_stream/channels/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T04:11:05.571Z", + "@timestamp": "2024-06-18T10:40:33.161Z", "agent": { - "ephemeral_id": "02c989d8-8cf2-4e65-bf07-a8e93785fdaa", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "2f2befc0-8f03-49d7-b5bf-8131709857b6", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.channels", 
@@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "stan.channels", - "duration": 22264899, - "ingested": "2022-01-12T04:11:06Z", + "duration": 3556501, + "ingested": "2024-06-18T10:40:45Z", "module": "stan" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.252.5", + "mac": "02-42-C0-A8-FC-05", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -70,7 +66,7 @@ "id": "test-cluster" }, "server": { - "id": "dEvzTKomxEioLU6oP1VuXM" + "id": "KJXiShxwxsi2oNAUH1Rlzn" } } } \ No newline at end of file diff --git a/packages/stan/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json b/packages/stan/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json index 576a810efc5e..4e924b6949f8 100644 --- a/packages/stan/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json +++ b/packages/stan/data_stream/log/_dev/test/pipeline/test-log-sample.log-expected.json 
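Review bot: In the regenerated `stan/data_stream/channels/sample_event.json`, `host.ip` and `host.mac` are now bare strings (`"ip": "192.168.252.5"`, `"mac": "02-42-C0-A8-FC-05"`). The previous sample, and the spring_boot and sql_input samples regenerated in this same change, keep them as one-element arrays. ECS defines both fields as multi-valued, and the sample event is what readers copy when writing queries and detections, so the documented shape should stay `"ip": ["192.168.252.5"]` and `"mac": ["02-42-C0-A8-FC-05"]`. The scalar form presumably comes from regenerating the sample after the ECS field definitions were trimmed, which is worth confirming before merging. The same hunk reports `ecs.version` as `8.0.0` while the package now builds against `git@v8.11.0`; if that is simply the agent-reported value, a short note in the docs would prevent confusion.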
@@ -1,2710 +1,2710 @@ { "expected": [ { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.981Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830523006Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.981022 [INF] STREAM: Starting nats-streaming-server[test-cluster] version 0.15.1", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Starting nats-streaming-server[test-cluster] version 0.15.1", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469595465Z", - "original": "[7] 2021/01/13 14:20:06.981022 [INF] STREAM: Starting nats-streaming-server[test-cluster] version 0.15.1", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Starting nats-streaming-server[test-cluster] version 0.15.1", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.981Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830536798Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.981055 [INF] STREAM: ServerID: tnudw5OA2pv04Sn0JpebGy", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: ServerID: tnudw5OA2pv04Sn0JpebGy", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469599121Z", - "original": "[7] 2021/01/13 14:20:06.981055 [INF] STREAM: ServerID: tnudw5OA2pv04Sn0JpebGy", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: ServerID: tnudw5OA2pv04Sn0JpebGy", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.981Z", "ecs": { - "version": "8.0.0" + 
"version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830538407Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.981069 [INF] STREAM: Go version: go1.11.10", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Go version: go1.11.10", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469600231Z", - "original": "[7] 2021/01/13 14:20:06.981069 [INF] STREAM: Go version: go1.11.10", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Go version: go1.11.10", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.981Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830539469Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.981082 [INF] STREAM: Git commit: [8e6aa7c]", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Git commit: [8e6aa7c]", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469601202Z", - "original": "[7] 2021/01/13 14:20:06.981082 [INF] STREAM: Git commit: [8e6aa7c]", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Git commit: [8e6aa7c]", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.981Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830540456Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.981951 [INF] Starting nats-server version 2.0.0", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "Starting nats-server version 2.0.0", + 
"process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469602121Z", - "original": "[7] 2021/01/13 14:20:06.981951 [INF] Starting nats-server version 2.0.0", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Starting nats-server version 2.0.0", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.981Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830541447Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.981983 [DBG] Go build version go1.11.10", + "type": [ + "info" + ] }, "log": { "level": "debug" }, + "message": "Go build version go1.11.10", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469603041Z", - "original": "[7] 2021/01/13 14:20:06.981983 [DBG] Go build version go1.11.10", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Go build version go1.11.10", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.981Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830542442Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.981996 [INF] Git commit [not set]", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "Git commit [not set]", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469603961Z", - "original": "[7] 2021/01/13 14:20:06.981996 [INF] Git commit [not set]", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Git commit [not set]", "tags": [ "preserve_original_event" ] }, 
{ - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.982Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830543444Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.982082 [INF] Starting http monitor on 0.0.0.0:8222", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "Starting http monitor on 0.0.0.0:8222", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469604882Z", - "original": "[7] 2021/01/13 14:20:06.982082 [INF] Starting http monitor on 0.0.0.0:8222", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Starting http monitor on 0.0.0.0:8222", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.982Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830544523Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.982116 [INF] Listening for client connections on 0.0.0.0:4222", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "Listening for client connections on 0.0.0.0:4222", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469605817Z", - "original": "[7] 2021/01/13 14:20:06.982116 [INF] Listening for client connections on 0.0.0.0:4222", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Listening for client connections on 0.0.0.0:4222", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.982Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830545504Z", + 
"kind": "event", + "original": "[7] 2021/01/13 14:20:06.982127 [INF] Server id is NCE3NFAMOIJHIR6KK53KBPN6C44LXZ6G4ULGLIWIBLYOLG5Z5LVCQSOB", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "Server id is NCE3NFAMOIJHIR6KK53KBPN6C44LXZ6G4ULGLIWIBLYOLG5Z5LVCQSOB", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469606743Z", - "original": "[7] 2021/01/13 14:20:06.982127 [INF] Server id is NCE3NFAMOIJHIR6KK53KBPN6C44LXZ6G4ULGLIWIBLYOLG5Z5LVCQSOB", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Server id is NCE3NFAMOIJHIR6KK53KBPN6C44LXZ6G4ULGLIWIBLYOLG5Z5LVCQSOB", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.982Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830546489Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.982136 [INF] Server is ready", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "Server is ready", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469607672Z", - "original": "[7] 2021/01/13 14:20:06.982136 [INF] Server is ready", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Server is ready", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.982Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830547647Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.982149 [DBG] Get non local IPs for \"0.0.0.0\"", + "type": [ + "info" + ] }, "log": { "level": "debug" }, + "message": "Get non local IPs for \"0.0.0.0\"", + "process": { + "pid": 7 + }, 
"stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469608724Z", - "original": "[7] 2021/01/13 14:20:06.982149 [DBG] Get non local IPs for \"0.0.0.0\"", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Get non local IPs for \"0.0.0.0\"", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:06.982Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" }, - "log": { + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830548638Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:06.982402 [DBG] ip=192.168.240.2", + "type": [ + "info" + ] + }, + "log": { "level": "debug" }, + "message": " ip=192.168.240.2", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469609676Z", - "original": "[7] 2021/01/13 14:20:06.982402 [DBG] ip=192.168.240.2", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": " ip=192.168.240.2", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.008Z", + "client": { + "ip": "127.0.0.1", + "port": 33150 + }, "ecs": { - "version": "8.0.0" + "version": "8.11.0" }, - "related": { - "ip": [ - "127.0.0.1" + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830549626Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.008167 [DBG] 127.0.0.1:33150 - cid:1 - Client connection created", + "type": [ + "info" ] }, "log": { "level": "debug" }, + "message": "Client connection created", + "process": { + "pid": 7 + }, + "related": { + "ip": [ + "127.0.0.1" + ] + }, "stan": { "log": { - "msg": {}, "client": { "id": "1" - } + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:20:07.009Z", "client": { - "port": 33150, - "ip": 
"127.0.0.1" + "ip": "127.0.0.1", + "port": 33152 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469610602Z", - "original": "[7] 2021/01/13 14:20:07.008167 [DBG] 127.0.0.1:33150 - cid:1 - Client connection created", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830551044Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.009385 [DBG] 127.0.0.1:33152 - cid:2 - Client connection created", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection created", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:20:07.009Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { "id": "2" - } + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:20:07.010Z", "client": { - "port": 33152, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 33154 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469611533Z", - "original": "[7] 2021/01/13 14:20:07.009385 [DBG] 127.0.0.1:33152 - cid:2 - Client connection created", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830552029Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.010819 [DBG] 127.0.0.1:33154 - cid:3 - Client connection created", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection created", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:20:07.010Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { "id": "3" - } 
+ }, + "msg": {} } }, - "client": { - "port": 33154, - "ip": "127.0.0.1" - }, - "event": { - "ingested": "2022-01-12T04:09:27.469612478Z", - "original": "[7] 2021/01/13 14:20:07.010819 [DBG] 127.0.0.1:33154 - cid:3 - Client connection created", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Client connection created", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.011Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830553137Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.011557 [INF] STREAM: Recovering the state...", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Recovering the state...", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469613532Z", - "original": "[7] 2021/01/13 14:20:07.011557 [INF] STREAM: Recovering the state...", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Recovering the state...", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.011Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830554130Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.011583 [INF] STREAM: No recovered state", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: No recovered state", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469614478Z", - "original": "[7] 2021/01/13 14:20:07.011583 [INF] STREAM: No recovered state", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": 
"STREAM: No recovered state", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830555200Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263504 [INF] STREAM: Message store is MEMORY", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Message store is MEMORY", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469615407Z", - "original": "[7] 2021/01/13 14:20:07.263504 [INF] STREAM: Message store is MEMORY", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Message store is MEMORY", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830556190Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263623 [INF] STREAM: ---------- Store Limits ----------", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: ---------- Store Limits ----------", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469616367Z", - "original": "[7] 2021/01/13 14:20:07.263623 [INF] STREAM: ---------- Store Limits ----------", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: ---------- Store Limits ----------", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": 
"2024-06-17T12:59:33.830557257Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263653 [INF] STREAM: Channels: 100 *", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Channels: 100 *", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469617312Z", - "original": "[7] 2021/01/13 14:20:07.263653 [INF] STREAM: Channels: 100 *", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Channels: 100 *", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830558315Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263671 [INF] STREAM: --------- Channels Limits --------", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: --------- Channels Limits --------", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469618235Z", - "original": "[7] 2021/01/13 14:20:07.263671 [INF] STREAM: --------- Channels Limits --------", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: --------- Channels Limits --------", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830559302Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263690 [INF] STREAM: Subscriptions: 1000 *", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Subscriptions: 1000 *", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - 
"ingested": "2022-01-12T04:09:27.469619165Z", - "original": "[7] 2021/01/13 14:20:07.263690 [INF] STREAM: Subscriptions: 1000 *", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Subscriptions: 1000 *", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830560865Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263710 [INF] STREAM: Messages : 1000000 *", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Messages : 1000000 *", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469620213Z", - "original": "[7] 2021/01/13 14:20:07.263710 [INF] STREAM: Messages : 1000000 *", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Messages : 1000000 *", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830561847Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263728 [INF] STREAM: Bytes : 976.56 MB *", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Bytes : 976.56 MB *", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469621137Z", - "original": "[7] 2021/01/13 14:20:07.263728 [INF] STREAM: Bytes : 976.56 MB *", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Bytes : 976.56 MB *", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": 
"2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830562838Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263749 [INF] STREAM: Age : unlimited *", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Age : unlimited *", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469622088Z", - "original": "[7] 2021/01/13 14:20:07.263749 [INF] STREAM: Age : unlimited *", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Age : unlimited *", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830563876Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263767 [INF] STREAM: Inactivity : unlimited *", + "type": [ + "info" + ] }, "log": { "level": "info" }, + "message": "STREAM: Inactivity : unlimited *", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469623050Z", - "original": "[7] 2021/01/13 14:20:07.263767 [INF] STREAM: Inactivity : unlimited *", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Inactivity : unlimited *", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:07.263Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830564864Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:07.263788 [INF] STREAM: ----------------------------------", + "type": [ + "info" + ] }, "log": { "level": 
"info" }, + "message": "STREAM: ----------------------------------", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469623983Z", - "original": "[7] 2021/01/13 14:20:07.263788 [INF] STREAM: ----------------------------------", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: ----------------------------------", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:08.988Z", + "client": { + "ip": "127.0.0.1", + "port": 33160 + }, "ecs": { - "version": "8.0.0" + "version": "8.11.0" }, - "related": { - "ip": [ - "127.0.0.1" + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830565850Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:08.988091 [DBG] 127.0.0.1:33160 - cid:4 - Client connection created", + "type": [ + "info" ] }, "log": { "level": "debug" }, + "message": "Client connection created", + "process": { + "pid": 7 + }, + "related": { + "ip": [ + "127.0.0.1" + ] + }, "stan": { "log": { - "msg": {}, "client": { "id": "4" - } + }, + "msg": {} } }, - "client": { - "port": 33160, - "ip": "127.0.0.1" - }, - "event": { - "ingested": "2022-01-12T04:09:27.469624952Z", - "original": "[7] 2021/01/13 14:20:08.988091 [DBG] 127.0.0.1:33160 - cid:4 - Client connection created", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "Client connection created", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:20:09.010Z", "ecs": { - "version": "8.0.0" + "version": "8.11.0" + }, + "event": { + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830566831Z", + "kind": "event", + "original": "[7] 2021/01/13 14:20:09.010952 [INF] STREAM: Channel \"bar\" has been created", + "type": [ + "info" + ] }, "log": { "level": "info" }, + 
"message": "STREAM: Channel \"bar\" has been created", + "process": { + "pid": 7 + }, "stan": { "log": { "msg": {} } }, - "event": { - "ingested": "2022-01-12T04:09:27.469625901Z", - "original": "[7] 2021/01/13 14:20:09.010952 [INF] STREAM: Channel \"bar\" has been created", - "type": [ - "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" - }, - "message": "STREAM: Channel \"bar\" has been created", "tags": [ "preserve_original_event" ] }, { - "process": { - "pid": 7 - }, "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "127.0.0.1" - ] - }, - "log": { - "level": "trace" - }, - "stan": { - "log": { - "msg": { - "type": "subscribe", - "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQldF", - "sid": "43" - }, - "client": { - "id": "3" - } - } - }, "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469626854Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830567821Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499525 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [SUB _INBOX.mUz7h6B3wGNf7P7bhyQldF 43]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.497Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "27" + "id": "3" + }, + "msg": { + "sid": "43", + "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQldF", + "type": "subscribe" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.497Z", "client": { - "port": 60800, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 
60800 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469627784Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830568810Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.497650 [DBG] 127.0.0.1:60800 - cid:27 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "34" - } + "id": "27" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60812, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60812 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469628709Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830569798Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499560 [DBG] 127.0.0.1:60812 - cid:34 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "36" - } + "id": "34" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60818, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60818 + }, + "ecs": { + 
"version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469629638Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830570857Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499565 [DBG] 127.0.0.1:60818 - cid:36 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "35" - } + "id": "36" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60816, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60816 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469630661Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830573713Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499560 [DBG] 127.0.0.1:60816 - cid:35 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "ping" - }, "client": { - "id": "3" - } + "id": "35" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": 
"8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469631593Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830574737Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499586 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [PING]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "38" + "id": "3" + }, + "msg": { + "type": "ping" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60820, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60820 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469632514Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830575716Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499599 [DBG] 127.0.0.1:60820 - cid:38 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "pong" - }, "client": { - "id": "3" - } + "id": "38" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + 
"version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469633452Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830576707Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499607 [TRC] 127.0.0.1:60748 - cid:3 - -\u003e\u003e [PONG]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "outbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "30" + "id": "3" + }, + "msg": { + "type": "pong" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60804, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60804 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469634375Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830577692Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499634 [DBG] 127.0.0.1:60804 - cid:30 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "32" - } + "id": "30" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60806, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60806 + }, + "ecs": { + "version": 
"8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469635304Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830578677Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499651 [DBG] 127.0.0.1:60806 - cid:32 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "42" - } + "id": "32" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60814, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60814 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469636233Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830579685Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499656 [DBG] 127.0.0.1:60814 - cid:42 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "33" - } + "id": "42" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60808, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60808 + }, + "ecs": { + "version": "8.11.0" }, "event": { - 
"ingested": "2022-01-12T04:09:27.469637159Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830580667Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499694 [DBG] 127.0.0.1:60808 - cid:33 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "31" - } + "id": "33" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60802, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60802 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469638095Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830581659Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499717 [DBG] 127.0.0.1:60802 - cid:31 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "subscribe", - "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQlf6", - "sid": "44" - }, "client": { - "id": "3" - } + "id": "31" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 
60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469639011Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830582647Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499727 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [SUB _INBOX.mUz7h6B3wGNf7P7bhyQlf6 44]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "ping" - }, "client": { "id": "3" + }, + "msg": { + "sid": "44", + "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQlf6", + "type": "subscribe" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469639930Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830583637Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499769 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [PING]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.488Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "message", - "bytes": 31, - "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsWfp.RdKmEViH", - "sid": "3" - }, "client": { - "id": "83" + "id": "3" + }, + 
"msg": { + "type": "ping" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.488Z", "client": { - "port": 60910, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60910 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469640851Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830584623Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.488515 [TRC] 127.0.0.1:60910 - cid:83 - -\u003e\u003e [MSG _INBOX.ZXYA2FSF5VwytqOUdLsWfp.RdKmEViH 3 31]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "outbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "pong" - }, "client": { - "id": "3" + "id": "83" + }, + "msg": { + "bytes": 31, + "sid": "3", + "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsWfp.RdKmEViH", + "type": "message" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469641775Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830585616Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499782 [TRC] 127.0.0.1:60748 - cid:3 - -\u003e\u003e [PONG]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "outbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" 
- }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "publish", - "bytes": 31, - "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsXOL.kiHXi6ux" - }, "client": { - "id": "1" + "id": "3" + }, + "msg": { + "type": "pong" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469642698Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830586610Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499811 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- [PUB _INBOX.ZXYA2FSF5VwytqOUdLsXOL.kiHXi6ux 31]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "1" + }, + "msg": { + "bytes": 31, + "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsXOL.kiHXi6ux", + "type": "publish" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469643623Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830587598Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499850 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- MSG_PAYLOAD: [\"\\x12\\x1d_INBOX.mUz7h6B3wGNf7P7bhyQlS7\"]", "type": [ "info" - ], - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "83" + "id": "1" + }, + "msg": { + "type": "payload" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60910, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60910 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469644560Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830588585Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499850 [DBG] 127.0.0.1:60910 - cid:83 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.499Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "publish", - "bytes": 31, - "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsUbq.CeeDx8Zh" - }, "client": { - "id": "1" - } + "id": "83" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.499Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469645583Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830589709Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.499961 [TRC] 
127.0.0.1:60744 - cid:1 - \u003c\u003c- [PUB _INBOX.ZXYA2FSF5VwytqOUdLsUbq.CeeDx8Zh 31]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.500Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "1" + }, + "msg": { + "bytes": 31, + "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsUbq.CeeDx8Zh", + "type": "publish" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.500Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469646506Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830590726Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.500004 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- MSG_PAYLOAD: [\"\\x12\\x1d_INBOX.mUz7h6B3wGNf7P7bhyQlTy\"]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.500Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "debug" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "29" + "id": "1" + }, + "msg": { + "type": "payload" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.500Z", "client": { - "port": 60810, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60810 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": 
"2022-01-12T04:09:27.469647430Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830591851Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.500142 [DBG] 127.0.0.1:60810 - cid:29 - Client connection closed", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "debug" }, "message": "Client connection closed", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.508Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "publish", - "bytes": 31, - "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsUsX.7vrrWV3v" - }, "client": { - "id": "1" - } + "id": "29" + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.508Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469648364Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830592848Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.508653 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- [PUB _INBOX.ZXYA2FSF5VwytqOUdLsUsX.7vrrWV3v 31]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.508Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "1" + }, + "msg": { + "bytes": 31, + "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsUsX.7vrrWV3v", + "type": "publish" } } }, + "tags": [ + "preserve_original_event" + ] + }, 
+ { + "@timestamp": "2021-01-13T14:22:50.508Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469649287Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830593833Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.508725 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- MSG_PAYLOAD: [\"\\x12\\x1d_INBOX.mUz7h6B3wGNf7P7bhyQm1M\"]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.508Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "subscribe", - "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQm3D", - "sid": "57" - }, "client": { - "id": "3" + "id": "1" + }, + "msg": { + "type": "payload" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.508Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469650240Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830594845Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.508872 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [SUB _INBOX.mUz7h6B3wGNf7P7bhyQm3D 57]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.509Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - 
"level": "trace" - }, "stan": { "log": { - "msg": { - "type": "ping" - }, "client": { "id": "3" + }, + "msg": { + "sid": "57", + "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQm3D", + "type": "subscribe" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.509Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469651163Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830595844Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.509016 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [PING]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.509Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "pong" - }, "client": { "id": "3" + }, + "msg": { + "type": "ping" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.509Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469652091Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830596833Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.509046 [TRC] 127.0.0.1:60748 - cid:3 - -\u003e\u003e [PONG]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "outbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.509Z", - "ecs": { 
- "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "publish", - "bytes": 31, - "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsYyH.3U691ECJ" - }, "client": { - "id": "1" + "id": "3" + }, + "msg": { + "type": "pong" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.509Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469653014Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830597825Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.509787 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- [PUB _INBOX.ZXYA2FSF5VwytqOUdLsYyH.3U691ECJ 31]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.509Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "1" + }, + "msg": { + "bytes": 31, + "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsYyH.3U691ECJ", + "type": "publish" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.509Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469653938Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830599184Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.509825 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- MSG_PAYLOAD: [\"\\x12\\x1d_INBOX.mUz7h6B3wGNf7P7bhyQm3D\"]", "type": [ "info" - ], - "created": 
"2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.509Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "subscribe", - "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQm54", - "sid": "58" - }, "client": { - "id": "3" + "id": "1" + }, + "msg": { + "type": "payload" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.509Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469654862Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830600173Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.509825 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [SUB _INBOX.mUz7h6B3wGNf7P7bhyQm54 58]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.509Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "ping" - }, "client": { "id": "3" + }, + "msg": { + "sid": "58", + "subject": "_INBOX.mUz7h6B3wGNf7P7bhyQm54", + "type": "subscribe" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.509Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469655795Z", + "created": "2020-04-28T11:07:58.223Z", + 
"ingested": "2024-06-17T12:59:33.830601169Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.509899 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [PING]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.509Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "pong" - }, "client": { "id": "3" + }, + "msg": { + "type": "ping" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.509Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469656714Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830602171Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.509912 [TRC] 127.0.0.1:60748 - cid:3 - -\u003e\u003e [PONG]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "outbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.510Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "publish", - "bytes": 31, - "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsYpN.R6hUgpF6" - }, "client": { - "id": "1" + "id": "3" + }, + "msg": { + "type": "pong" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.510Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, 
"event": { - "ingested": "2022-01-12T04:09:27.469657654Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830603161Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.510036 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- [PUB _INBOX.ZXYA2FSF5VwytqOUdLsYpN.R6hUgpF6 31]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.510Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "1" + }, + "msg": { + "bytes": 31, + "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsYpN.R6hUgpF6", + "type": "publish" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.510Z", "client": { - "port": 60744, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60744 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469658584Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830604150Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.510073 [TRC] 127.0.0.1:60744 - cid:1 - \u003c\u003c- MSG_PAYLOAD: [\"\\x12\\x1d_INBOX.mUz7h6B3wGNf7P7bhyQm54\"]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.949Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "publish", - "bytes": 220, - "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsWF7.IqlBSvhV" - }, "client": { - "id": "2" + "id": 
"1" + }, + "msg": { + "type": "payload" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.949Z", "client": { - "port": 60746, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60746 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469659566Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830605146Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.949500 [TRC] 127.0.0.1:60746 - cid:2 - \u003c\u003c- [PUB _INBOX.ZXYA2FSF5VwytqOUdLsWF7.IqlBSvhV 220]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.949Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": { - "type": "payload" - }, "client": { "id": "2" + }, + "msg": { + "bytes": 220, + "subject": "_INBOX.ZXYA2FSF5VwytqOUdLsWF7.IqlBSvhV", + "type": "publish" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.949Z", "client": { - "port": 60746, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60746 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469660486Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830606132Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.949675 [TRC] 127.0.0.1:60746 - cid:2 - \u003c\u003c- MSG_PAYLOAD: [\"\\n _STAN.pub.mUz7h6B3wGNf7P7bhyQkHm\\x12 _STAN.sub.mUz7h6B3wGNf7P7bhyQkHm\\x1a\\\"_STAN.unsub.mUz7h6B3wGNf7P7bhyQkHm\\\"\\\"_STAN.close.mUz7h6B3wGNf7P7bhyQkHm2%_STAN.subclose.mUz7h6B3wGNf7P7bhyQkHm:!_STAN.discover.test-cluster.pings@\\x05H\\x03P\\x01\"]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": 
"event" + ] + }, + "log": { + "level": "trace" }, - "tags": [ - "preserve_original_event" - ], "network": { "direction": "inbound" - } - }, - { + }, "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.949Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": {}, "client": { - "id": "3" + "id": "2" + }, + "msg": { + "type": "payload" } } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.949Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469661417Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830607123Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.949848 [TRC] 127.0.0.1:60748 - cid:3 - \u003c\u003c- [UNSUB 21 ]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + "log": { + "level": "trace" }, "message": "\u003c\u003c- [UNSUB 21 ]", - "tags": [ - "preserve_original_event" - ] - }, - { "process": { "pid": 7 }, - "@timestamp": "2021-01-13T14:22:50.949Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "127.0.0.1" ] }, - "log": { - "level": "trace" - }, "stan": { "log": { - "msg": {}, "client": { "id": "3" - } + }, + "msg": {} } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2021-01-13T14:22:50.949Z", "client": { - "port": 60748, - "ip": "127.0.0.1" + "ip": "127.0.0.1", + "port": 60748 + }, + "ecs": { + "version": "8.11.0" }, "event": { - "ingested": "2022-01-12T04:09:27.469662339Z", + "created": "2020-04-28T11:07:58.223Z", + "ingested": "2024-06-17T12:59:33.830614124Z", + "kind": "event", "original": "[7] 2021/01/13 14:22:50.949912 [TRC] 127.0.0.1:60748 - cid:3 - \u003c-\u003e [DELSUB 21]", "type": [ "info" - ], - "created": "2020-04-28T11:07:58.223Z", - "kind": "event" + ] + }, + 
"log": { + "level": "trace" }, "message": "\u003c-\u003e [DELSUB 21]", + "process": { + "pid": 7 + }, + "related": { + "ip": [ + "127.0.0.1" + ] + }, + "stan": { + "log": { + "client": { + "id": "3" + }, + "msg": {} + } + }, "tags": [ "preserve_original_event" ] diff --git a/packages/stan/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/stan/data_stream/log/elasticsearch/ingest_pipeline/default.yml index ab9c90479a01..3c237741c26b 100644 --- a/packages/stan/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/stan/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.11.0' - rename: field: message target_field: event.original diff --git a/packages/stan/data_stream/log/fields/base-fields.yml b/packages/stan/data_stream/log/fields/base-fields.yml index 6489afea6946..f21661913542 100644 --- a/packages/stan/data_stream/log/fields/base-fields.yml +++ b/packages/stan/data_stream/log/fields/base-fields.yml @@ -13,11 +13,6 @@ - name: input.type description: Type of Filebeat input. type: keyword -- name: log.file.path - description: Full path to the log file this event came from. - example: /var/log/fun-times.log - ignore_above: 1024 - type: keyword - name: log.offset type: long description: Offset of the entry in the log file. diff --git a/packages/stan/data_stream/log/fields/ecs.yml b/packages/stan/data_stream/log/fields/ecs.yml deleted file mode 100644 index 5bdf95442339..000000000000 --- a/packages/stan/data_stream/log/fields/ecs.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -- external: ecs - name: client.ip -- external: ecs - name: client.port -- external: ecs - name: ecs.version -- external: ecs - name: error.message -- external: ecs - name: event.created -- external: ecs - name: event.kind -- external: ecs - name: event.type -- external: ecs - name: log.level -- external: ecs - name: message -- external: ecs - name: network.direction -- external: ecs - name: process.pid -- external: ecs - name: related.ip -- external: ecs - name: tags diff --git a/packages/stan/data_stream/log/sample_event.json b/packages/stan/data_stream/log/sample_event.json index c3d8bca20c16..433f22d4bdbf 100644 --- a/packages/stan/data_stream/log/sample_event.json +++ b/packages/stan/data_stream/log/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T04:11:35.529Z", + "@timestamp": "2024-06-18T10:41:22.515Z", "agent": { - "ephemeral_id": "8d87b679-d308-4954-a88f-fdac22706bb7", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "e925a178-f704-43e6-899e-b69b164425d8", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.log", @@ -13,18 +13,18 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.11.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", - "created": "2022-01-12T04:11:50.063Z", + "created": "2024-06-18T10:41:36.382Z", "dataset": "stan.log", - "ingested": "2022-01-12T04:11:50Z", + "ingested": "2024-06-18T10:41:38Z", "kind": "event", "type": [ "info" diff --git a/packages/stan/data_stream/stats/fields/ecs.yml b/packages/stan/data_stream/stats/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/stan/data_stream/stats/fields/ecs.yml 
+++ b/packages/stan/data_stream/stats/fields/ecs.yml @@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true diff --git a/packages/stan/data_stream/stats/manifest.yml b/packages/stan/data_stream/stats/manifest.yml index 5003316f526d..ed8adf01a7f5 100644 --- a/packages/stan/data_stream/stats/manifest.yml +++ b/packages/stan/data_stream/stats/manifest.yml @@ -13,4 +13,4 @@ streams: title: Stan stats metrics description: Collect Stan stats metrics elasticsearch: - index_mode: "time_series" \ No newline at end of file + index_mode: "time_series" diff --git a/packages/stan/data_stream/stats/sample_event.json b/packages/stan/data_stream/stats/sample_event.json index e9644c64ec3c..75325f5ef112 100644 --- a/packages/stan/data_stream/stats/sample_event.json +++ b/packages/stan/data_stream/stats/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T04:12:59.760Z", + "@timestamp": "2024-06-18T10:42:35.470Z", "agent": { - "ephemeral_id": "6e4beb8a-ccda-438d-b3f4-e89b98e870d8", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "b30d1b07-36f0-4e5f-9f80-56b6015fb855", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.stats", 
@@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "stan.stats", - "duration": 15794254, - "ingested": "2022-01-12T04:13:00Z", + "duration": 1823495, + "ingested": "2024-06-18T10:42:47Z", "module": "stan" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.252.5", + "mac": "02-42-C0-A8-FC-05", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -62,7 +58,7 @@ "id": "test-cluster" }, "server": { - "id": "JQCbrpPJGBxuQGsQ9Yx4Xs" + "id": "I9vNI3muOuNoem5vuoyo5z" }, "stats": { "bytes": 0, diff --git a/packages/stan/data_stream/subscriptions/fields/ecs.yml b/packages/stan/data_stream/subscriptions/fields/ecs.yml index d3c8fbe2618e..37cf21eb8269 100644 --- a/packages/stan/data_stream/subscriptions/fields/ecs.yml +++ b/packages/stan/data_stream/subscriptions/fields/ecs.yml @@ -1,10 +1,6 @@ -- external: ecs - name: ecs.version - external: ecs name: service.address dimension: true -- external: ecs - name: service.type - external: ecs name: agent.id dimension: true @@ -28,4 +24,4 @@ dimension: true - external: ecs name: host.name - dimension: true \ No newline at end of file + dimension: true 
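Review bot: The regenerated stats sample in the `@@ -13,40 +13,36 @@` hunk still reports `"ecs": { "version": "8.0.0" }`, although the changelog announces ECS 8.11.0 and the log pipeline now sets `value: '8.11.0'`; the subscriptions sample has the same value. Whether the metrics data streams take `ecs.version` from the agent or from a pipeline is not visible here, so either give them the same `set` processor as the log pipeline or say in the changelog that the bump covers only the log data stream. The same hunk also turns `host.ip` and `host.mac` from one-element arrays into bare strings (`"ip": "192.168.252.5"`, `"mac": "02-42-C0-A8-FC-05"`). ECS normalises both fields to arrays, so a consumer that reads the document source would see a different shape than before. I would keep `"ip": ["192.168.252.5"]` and `"mac": ["02-42-C0-A8-FC-05"]` in both samples.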
diff --git a/packages/stan/data_stream/subscriptions/sample_event.json b/packages/stan/data_stream/subscriptions/sample_event.json index e5f953c7b5c2..2efdcaf7f155 100644 --- a/packages/stan/data_stream/subscriptions/sample_event.json +++ b/packages/stan/data_stream/subscriptions/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2022-01-12T04:13:52.133Z", + "@timestamp": "2024-06-18T10:43:38.692Z", "agent": { - "ephemeral_id": "edb669a5-3b36-43d7-8190-d485d6517f69", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "871b52f0-2644-4638-811c-1b0befe0ee13", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.subscriptions", @@ -13,40 +13,36 @@ "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "stan.subscriptions", - "duration": 6243276, - "ingested": "2022-01-12T04:13:53Z", + "duration": 1947519984, + "ingested": "2024-06-18T10:43:50Z", "module": "stan" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.252.5", + "mac": "02-42-C0-A8-FC-05", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -62,11 +58,11 @@ "id": "test-cluster" }, "server": { - "id": "NevWjtY7nB1yzea8TtJaGb" + "id": "SwiO2nzNV8CW27j45QPnFz" }, "subscriptions": { "channel": "foo", - "id": "benchmark-sub-25", + "id": "benchmark-sub-23", "last_sent": 0, "offline": false, "pending": 0, diff --git a/packages/stan/docs/README.md b/packages/stan/docs/README.md index 5e97be142f8b..a7f97e1afbf0 100644 --- a/packages/stan/docs/README.md +++ b/packages/stan/docs/README.md @@ -18,13 +18,13 @@ An example event for `log` looks as following: ```json { - "@timestamp": "2022-01-12T04:11:35.529Z", + "@timestamp": "2024-06-18T10:41:22.515Z", "agent": { - "ephemeral_id": "8d87b679-d308-4954-a88f-fdac22706bb7", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "e925a178-f704-43e6-899e-b69b164425d8", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.log", @@ -32,18 +32,18 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.11.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", - "created": "2022-01-12T04:11:50.063Z", + "created": "2024-06-18T10:41:36.382Z", "dataset": "stan.log", - "ingested": "2022-01-12T04:11:50Z", + "ingested": "2024-06-18T10:41:38Z", "kind": "event", "type": [ "info" 
@@ -75,31 +75,22 @@ An example event for `log` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | |---|---|---| | @timestamp | Event timestamp. | date | -| client.ip | IP address of the client (IPv4 or IPv6). | ip | -| client.port | Port of the client. | long | | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error.message | Error message. | match_only_text | -| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | | event.dataset | Event dataset | constant_keyword | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. 
For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | | event.module | Event module | constant_keyword | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | input.type | Type of Filebeat input. | keyword | -| log.file.path | Full path to the log file this event came from. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Offset of the entry in the log file. | long | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | -| process.pid | Process id. | long | -| related.ip | All of the IPs seen on your event. | ip | | stan.log.client.id | The id of the client | integer | | stan.log.msg.bytes | Size of the payload in bytes | long | | stan.log.msg.error.message | Details about the error occurred | text | @@ -109,7 +100,6 @@ An example event for `log` looks as following: | stan.log.msg.sid | The unique alphanumeric subscription ID of the subject | integer | | stan.log.msg.subject | Subject name this message was received on | keyword | | stan.log.msg.type | The protocol message type | keyword | -| tags | List of keywords used to tag each event. | keyword | ## Metrics @@ -125,13 +115,13 @@ An example event for `stats` looks as following: ```json { - "@timestamp": "2022-01-12T04:12:59.760Z", + "@timestamp": "2024-06-18T10:42:35.470Z", "agent": { - "ephemeral_id": "6e4beb8a-ccda-438d-b3f4-e89b98e870d8", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "b30d1b07-36f0-4e5f-9f80-56b6015fb855", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.stats", 
@@ -139,40 +129,36 @@ An example event for `stats` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "stan.stats", - "duration": 15794254, - "ingested": "2022-01-12T04:13:00Z", + "duration": 1823495, + "ingested": "2024-06-18T10:42:47Z", "module": "stan" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.252.5", + "mac": "02-42-C0-A8-FC-05", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { @@ -188,7 +174,7 @@ An example event for `stats` looks as following: "id": "test-cluster" }, "server": { - "id": "JQCbrpPJGBxuQGsQ9Yx4Xs" + "id": "I9vNI3muOuNoem5vuoyo5z" }, "stats": { "bytes": 0, @@ -202,6 +188,10 @@ An example event for `stats` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -217,12 +207,10 @@ An example event for `stats` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | | stan.cluster.id | The cluster ID | keyword | | | stan.server.id | The server ID | keyword | | | stan.stats.bytes | Number of bytes consumed across all STAN queues | long | counter | 
@@ -243,13 +231,13 @@ An example event for `channels` looks as following: ```json { - "@timestamp": "2022-01-12T04:11:05.571Z", + "@timestamp": "2024-06-18T10:40:33.161Z", "agent": { - "ephemeral_id": "02c989d8-8cf2-4e65-bf07-a8e93785fdaa", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "2f2befc0-8f03-49d7-b5bf-8131709857b6", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.channels", @@ -257,40 +245,36 @@ An example event for `channels` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "stan.channels", - "duration": 22264899, - "ingested": "2022-01-12T04:11:06Z", + "duration": 3556501, + "ingested": "2024-06-18T10:40:45Z", "module": "stan" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.252.5", + "mac": "02-42-C0-A8-FC-05", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -314,12 +298,16 @@ An example event for `channels` looks as following: "id": "test-cluster" }, "server": { - "id": "dEvzTKomxEioLU6oP1VuXM" + "id": "KJXiShxwxsi2oNAUH1Rlzn" } } } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -335,12 +323,10 @@ An example event for `channels` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | | stan.channels.bytes | The number of STAN bytes in the channel | long | counter | | stan.channels.depth | Queue depth based upon current sequence number and highest reported subscriber sequence number | long | gauge | | stan.channels.first_seq | First sequence number stored in the channel. If first_seq \> min([seq in subscriptions]) data loss has possibly occurred | long | | 
@@ -360,13 +346,13 @@ An example event for `subscriptions` looks as following: ```json { - "@timestamp": "2022-01-12T04:13:52.133Z", + "@timestamp": "2024-06-18T10:43:38.692Z", "agent": { - "ephemeral_id": "edb669a5-3b36-43d7-8190-d485d6517f69", - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "ephemeral_id": "871b52f0-2644-4638-811c-1b0befe0ee13", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.0.0-beta1" + "version": "8.13.0" }, "data_stream": { "dataset": "stan.subscriptions", @@ -374,40 +360,36 @@ An example event for `subscriptions` looks as following: "type": "metrics" }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, "elastic_agent": { - "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", + "id": "21652d23-59b4-4d65-a341-ede15f919642", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "stan.subscriptions", - "duration": 6243276, - "ingested": "2022-01-12T04:13:53Z", + "duration": 1947519984, + "ingested": "2024-06-18T10:43:50Z", "module": "stan" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "4ccba669f0df47fa3f57a9e4169ae7f1", - "ip": [ - "172.18.0.4" - ], - "mac": [ - "02:42:ac:12:00:04" - ], + "id": "8259e024976a406e8a54cdbffeb84fec", + "ip": "192.168.252.5", + "mac": "02-42-C0-A8-FC-05", "name": "docker-fleet-agent", "os": { - "codename": "Core", - "family": "redhat", - "kernel": "5.11.0-44-generic", - "name": "CentOS Linux", - "platform": "centos", + "codename": "focal", + "family": "debian", + "kernel": "3.10.0-1160.102.1.el7.x86_64", + "name": "Ubuntu", + "platform": "ubuntu", "type": "linux", - "version": "7 (Core)" + "version": "20.04.6 LTS (Focal Fossa)" } }, "metricset": { 
@@ -423,11 +405,11 @@ An example event for `subscriptions` looks as following: "id": "test-cluster" }, "server": { - "id": "NevWjtY7nB1yzea8TtJaGb" + "id": "SwiO2nzNV8CW27j45QPnFz" }, "subscriptions": { "channel": "foo", - "id": "benchmark-sub-25", + "id": "benchmark-sub-23", "last_sent": 0, "offline": false, "pending": 0, @@ -438,6 +420,10 @@ An example event for `subscriptions` looks as following: } ``` +**ECS Field Reference** + +Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields. + **Exported fields** | Field | Description | Type | Metric Type | 
@@ -453,12 +439,10 @@ An example event for `subscriptions` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | | data_stream.namespace | Data stream namespace. | constant_keyword | | | data_stream.type | Data stream type. | constant_keyword | | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | event.dataset | Event dataset | constant_keyword | | | event.module | Event module | constant_keyword | | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host. | keyword | | | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | | stan.cluster.id | The cluster ID | keyword | | | stan.server.id | The server ID | keyword | | | stan.subscriptions.channel | The name of the STAN channel the subscription is associated with | keyword | | diff --git a/packages/stan/manifest.yml b/packages/stan/manifest.yml index 96575c6d7ac3..7a168cdec288 100644 --- a/packages/stan/manifest.yml +++ b/packages/stan/manifest.yml 
@@ -1,6 +1,6 @@ name: stan title: STAN -version: 1.6.0 +version: 1.7.0 release: ga description: Collect logs and metrics from STAN servers with Elastic Agent. type: integration @@ -14,7 +14,8 @@ license: basic categories: - observability conditions: - kibana.version: "^8.10.2" + kibana: + version: "^8.13.0" screenshots: - src: /img/metrics-stan-overview.png title: Metrics STAN Dashboard diff --git a/packages/statsd_input/_dev/build/build.yml b/packages/statsd_input/_dev/build/build.yml index 2c10980d4b03..2bfcfc223b04 100644 --- a/packages/statsd_input/_dev/build/build.yml +++ b/packages/statsd_input/_dev/build/build.yml @@ -1,4 +1,3 @@ dependencies: ecs: - reference: git@v8.7.0 - + reference: "git@v8.11.0" diff --git a/packages/statsd_input/changelog.yml b/packages/statsd_input/changelog.yml index d6e297103e14..a83442ae15c5 100644 --- a/packages/statsd_input/changelog.yml +++ b/packages/statsd_input/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.4.0" + changes: + - description: ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. + type: enhancement + link: https://github.com/elastic/integrations/pull/10171 - version: "0.3.0" changes: - description: Update to Kibana 8.11 to support enhanced statsd implementation, and fix system test cases. diff --git a/packages/statsd_input/fields/base-fields.yml b/packages/statsd_input/fields/base-fields.yml index b2f0cf952931..14017be5fb29 100644 --- a/packages/statsd_input/fields/base-fields.yml +++ b/packages/statsd_input/fields/base-fields.yml @@ -6,5 +6,3 @@ external: ecs - name: '@timestamp' external: ecs -- name: service.type - external: ecs diff --git a/packages/statsd_input/fields/ecs.yml b/packages/statsd_input/fields/ecs.yml deleted file mode 100644 index f99c50be49de..000000000000 --- a/packages/statsd_input/fields/ecs.yml +++ /dev/null 
@@ -1,2 +0,0 @@ -- name: ecs.version - external: ecs diff --git a/packages/statsd_input/manifest.yml b/packages/statsd_input/manifest.yml index 6f0b2257371f..554ede8a6bf7 100644 --- a/packages/statsd_input/manifest.yml +++ b/packages/statsd_input/manifest.yml @@ -1,13 +1,14 @@ format_version: 2.0.0 name: statsd_input title: StatsD Input -version: "0.3.0" +version: "0.4.0" description: StatsD Input Package type: input categories: - observability conditions: - kibana.version: "^8.11.0" + kibana: + version: "^8.13.0" elastic.subscription: "basic" icons: - src: /img/statsd.svg diff --git a/packages/statsd_input/sample_event.json b/packages/statsd_input/sample_event.json index 30c85427a9af..0f3d6eeb459a 100644 --- a/packages/statsd_input/sample_event.json +++ b/packages/statsd_input/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2024-04-15T14:06:01.418Z", + "@timestamp": "2024-06-19T06:26:36.664Z", "agent": { - "ephemeral_id": "ee629c67-5780-4bfd-83c0-c89a032eba12", - "id": "b2bdd114-8042-4441-bd68-123aee9eca3b", + "ephemeral_id": "f9a3bc3e-14ed-4245-a140-38032ec3e459", + "id": "b138c66d-6261-4eac-a652-7f30ea89bcfc", "name": "docker-fleet-agent", "type": "metricbeat", - "version": "8.11.0" + "version": "8.13.0" }, "data_stream": { "dataset": "statsd_input.statsd", 
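Review bot: The `conditions` block in `packages/statsd_input/manifest.yml` now mixes two key styles: `kibana` is nested (`kibana:` / `version: "^8.13.0"`) while the unchanged line right below it still uses the dotted form `elastic.subscription: "basic"`. Since the hunk already rewrites this block, I would nest that key as well, `elastic:` followed by `subscription: "basic"`, so the block reads one way and does not rely on the tooling expanding dotted keys. The manifest declares `format_version: 2.0.0`, so confirm with the package linter that the nested `elastic` key is accepted at that spec version before merging.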
@@ -16,26 +16,26 @@ "version": "8.0.0" }, "elastic_agent": { - "id": "b2bdd114-8042-4441-bd68-123aee9eca3b", + "id": "b138c66d-6261-4eac-a652-7f30ea89bcfc", "snapshot": false, - "version": "8.11.0" + "version": "8.13.0" }, "event": { "agent_id_status": "verified", "dataset": "statsd_input.statsd", - "ingested": "2024-04-15T14:06:02Z", + "ingested": "2024-06-19T06:26:46Z", "module": "statsd" }, "host": { "architecture": "x86_64", "containerized": true, "hostname": "docker-fleet-agent", - "id": "d7fd92f5e61644938d48518adcee73ad", + "id": "8259e024976a406e8a54cdbffeb84fec", "ip": [ - "172.25.0.7" + "192.168.253.7" ], "mac": [ - "02-42-AC-19-00-07" + "02-42-C0-A8-FD-07" ], "name": "docker-fleet-agent", "os": { @@ -56,8 +56,8 @@ "type": "statsd" }, "statsd": { - "python_counter": { - "count": 4 + "python_gauge_foo": { + "value": 10 } } } \ No newline at end of file