Regenerating golden files

elastic · Dec 28, 2018 · d9a2bac · d9a2bac
1 parent 6fea5c6
commit d9a2bac
Show file tree

Hide file tree

Showing 5 changed files with 673 additions and 673 deletions.
diff --git a/filebeat/module/elasticsearch/audit/test/test.log-expected.json b/filebeat/module/elasticsearch/audit/test/test.log-expected.json
@@ -1,114 +1,114 @@
 [
     {
-        "@timestamp": "2018-06-19T05:16:15.549Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.audit.event_type": "authentication_failed",
-        "elasticsearch.audit.layer": "rest",
-        "elasticsearch.audit.origin_address": "147.107.128.77",
-        "elasticsearch.audit.principal": "i030648",
-        "elasticsearch.audit.uri": "/_xpack/security/_authenticate",
-        "event.dataset": "audit",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.offset": 0,
-        "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed]        origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]",
+        "@timestamp": "2018-06-19T05:16:15.549Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.audit.event_type": "authentication_failed", 
+        "elasticsearch.audit.layer": "rest", 
+        "elasticsearch.audit.origin_address": "147.107.128.77", 
+        "elasticsearch.audit.principal": "i030648", 
+        "elasticsearch.audit.uri": "/_xpack/security/_authenticate", 
+        "event.dataset": "audit", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.offset": 0, 
+        "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed]        origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-06-19T05:07:52.304Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.audit.event_type": "authentication_failed",
-        "elasticsearch.audit.layer": "rest",
-        "elasticsearch.audit.origin_address": "172.22.0.3",
-        "elasticsearch.audit.principal": "rado",
-        "elasticsearch.audit.uri": "/_xpack/security/_authenticate",
-        "elasticsearch.node.name": "v_VJhjV",
-        "event.dataset": "audit",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.offset": 155,
-        "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]",
+        "@timestamp": "2018-06-19T05:07:52.304Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.audit.event_type": "authentication_failed", 
+        "elasticsearch.audit.layer": "rest", 
+        "elasticsearch.audit.origin_address": "172.22.0.3", 
+        "elasticsearch.audit.principal": "rado", 
+        "elasticsearch.audit.uri": "/_xpack/security/_authenticate", 
+        "elasticsearch.node.name": "v_VJhjV", 
+        "event.dataset": "audit", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.offset": 155, 
+        "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-06-19T05:00:15.778Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.audit.action": "indices:data/read/scroll/clear",
-        "elasticsearch.audit.event_type": "access_granted",
-        "elasticsearch.audit.layer": "transport",
-        "elasticsearch.audit.origin_address": "192.168.1.165",
-        "elasticsearch.audit.origin_type": "local_node",
-        "elasticsearch.audit.principal": "_xpack_security",
-        "elasticsearch.audit.request": "ClearScrollRequest",
-        "event.dataset": "audit",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.offset": 306,
-        "message": "[2018-06-19T05:00:15,778] [transport] [access_granted]  origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]",
+        "@timestamp": "2018-06-19T05:00:15.778Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.audit.action": "indices:data/read/scroll/clear", 
+        "elasticsearch.audit.event_type": "access_granted", 
+        "elasticsearch.audit.layer": "transport", 
+        "elasticsearch.audit.origin_address": "192.168.1.165", 
+        "elasticsearch.audit.origin_type": "local_node", 
+        "elasticsearch.audit.principal": "_xpack_security", 
+        "elasticsearch.audit.request": "ClearScrollRequest", 
+        "event.dataset": "audit", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.offset": 306, 
+        "message": "[2018-06-19T05:00:15,778] [transport] [access_granted]  origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-06-19T05:07:45.544Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.audit.event_type": "anonymous_access_denied",
-        "elasticsearch.audit.layer": "rest",
-        "elasticsearch.audit.origin_address": "172.22.0.3",
-        "elasticsearch.audit.uri": "/_xpack/security/_authenticate",
-        "elasticsearch.node.name": "v_VJhjV",
-        "event.dataset": "audit",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.offset": 519,
-        "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]",
+        "@timestamp": "2018-06-19T05:07:45.544Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.audit.event_type": "anonymous_access_denied", 
+        "elasticsearch.audit.layer": "rest", 
+        "elasticsearch.audit.origin_address": "172.22.0.3", 
+        "elasticsearch.audit.uri": "/_xpack/security/_authenticate", 
+        "elasticsearch.node.name": "v_VJhjV", 
+        "event.dataset": "audit", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.offset": 519, 
+        "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-06-19T05:26:27.268Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.audit.event_type": "authentication_failed",
-        "elasticsearch.audit.layer": "rest",
-        "elasticsearch.audit.origin_address": "147.107.128.77",
-        "elasticsearch.audit.principal": "N078801",
-        "elasticsearch.audit.uri": "/_xpack/security/_authenticate",
-        "event.dataset": "audit",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.offset": 654,
-        "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]",
+        "@timestamp": "2018-06-19T05:26:27.268Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.audit.event_type": "authentication_failed", 
+        "elasticsearch.audit.layer": "rest", 
+        "elasticsearch.audit.origin_address": "147.107.128.77", 
+        "elasticsearch.audit.principal": "N078801", 
+        "elasticsearch.audit.uri": "/_xpack/security/_authenticate", 
+        "event.dataset": "audit", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.offset": 654, 
+        "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-06-19T05:55:26.898Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.audit.action": "cluster:monitor/main",
-        "elasticsearch.audit.event_type": "access_denied",
-        "elasticsearch.audit.layer": "transport",
-        "elasticsearch.audit.origin_address": "147.107.128.77",
-        "elasticsearch.audit.origin_type": "rest",
-        "elasticsearch.audit.principal": "_anonymous",
-        "elasticsearch.audit.request": "MainRequest",
-        "event.dataset": "audit",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.offset": 802,
-        "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]",
+        "@timestamp": "2018-06-19T05:55:26.898Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.audit.action": "cluster:monitor/main", 
+        "elasticsearch.audit.event_type": "access_denied", 
+        "elasticsearch.audit.layer": "transport", 
+        "elasticsearch.audit.origin_address": "147.107.128.77", 
+        "elasticsearch.audit.origin_type": "rest", 
+        "elasticsearch.audit.principal": "_anonymous", 
+        "elasticsearch.audit.request": "MainRequest", 
+        "event.dataset": "audit", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.offset": 802, 
+        "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-06-19T05:24:15.190Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.audit.event_type": "authentication_failed",
-        "elasticsearch.audit.layer": "rest",
-        "elasticsearch.audit.origin_address": "172.18.0.3",
-        "elasticsearch.audit.principal": "elastic",
-        "elasticsearch.audit.request_body": "body",
-        "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip",
-        "elasticsearch.node.name": "v_VJhjV",
-        "event.dataset": "audit",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.offset": 986,
-        "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]",
+        "@timestamp": "2018-06-19T05:24:15.190Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.audit.event_type": "authentication_failed", 
+        "elasticsearch.audit.layer": "rest", 
+        "elasticsearch.audit.origin_address": "172.18.0.3", 
+        "elasticsearch.audit.principal": "elastic", 
+        "elasticsearch.audit.request_body": "body", 
+        "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", 
+        "elasticsearch.node.name": "v_VJhjV", 
+        "event.dataset": "audit", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.offset": 986, 
+        "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", 
         "service.name": "elasticsearch"
     }
-]
+]
diff --git a/filebeat/module/elasticsearch/deprecation/test/elasticsearch_deprecation.log-expected.json b/filebeat/module/elasticsearch/deprecation/test/elasticsearch_deprecation.log-expected.json
@@ -1,50 +1,50 @@
 [
     {
-        "@timestamp": "2018-04-23T16:40:13.737Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest",
-        "event.dataset": "deprecation",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.level": "WARN",
-        "log.offset": 0,
-        "message": "Deprecated field [template] used, replaced by [index_patterns]",
+        "@timestamp": "2018-04-23T16:40:13.737Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", 
+        "event.dataset": "deprecation", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.level": "WARN", 
+        "log.offset": 0, 
+        "message": "Deprecated field [template] used, replaced by [index_patterns]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-04-23T16:40:13.862Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest",
-        "event.dataset": "deprecation",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.level": "WARN",
-        "log.offset": 137,
-        "message": "Deprecated field [template] used, replaced by [index_patterns]",
+        "@timestamp": "2018-04-23T16:40:13.862Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", 
+        "event.dataset": "deprecation", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.level": "WARN", 
+        "log.offset": 137, 
+        "message": "Deprecated field [template] used, replaced by [index_patterns]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-04-23T16:40:14.792Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest",
-        "event.dataset": "deprecation",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.level": "WARN",
-        "log.offset": 274,
-        "message": "Deprecated field [template] used, replaced by [index_patterns]",
+        "@timestamp": "2018-04-23T16:40:14.792Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", 
+        "event.dataset": "deprecation", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.level": "WARN", 
+        "log.offset": 274, 
+        "message": "Deprecated field [template] used, replaced by [index_patterns]", 
         "service.name": "elasticsearch"
-    },
+    }, 
     {
-        "@timestamp": "2018-04-23T16:40:15.127Z",
-        "ecs.version": "1.0.0-beta2",
-        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest",
-        "event.dataset": "deprecation",
-        "event.module": "elasticsearch",
-        "input.type": "log",
-        "log.level": "WARN",
-        "log.offset": 411,
-        "message": "Deprecated field [template] used, replaced by [index_patterns]",
+        "@timestamp": "2018-04-23T16:40:15.127Z", 
+        "ecs.version": "1.0.0-beta2", 
+        "elasticsearch.server.component": "o.e.d.a.a.i.t.p.PutIndexTemplateRequest", 
+        "event.dataset": "deprecation", 
+        "event.module": "elasticsearch", 
+        "input.type": "log", 
+        "log.level": "WARN", 
+        "log.offset": 411, 
+        "message": "Deprecated field [template] used, replaced by [index_patterns]", 
         "service.name": "elasticsearch"
     }
-]
+]