From dfd1c37928859c3913aa85fe8eee22deb6d08f0e Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Fri, 17 Apr 2020 04:17:58 -0700
Subject: [PATCH] Handle ECS-compatible deprecation logs emitted by ES 8.0.0+ (#17728)
* Adding sample logs
* Handle ECS-compatible deprecation logs emitted by ES 8.0.0+
* Adding CHANGELOG entry
---
 CHANGELOG.next.asciidoc | 1 +
 .../deprecation/ingest/pipeline-json.yml | 40 ++-
 .../deprecation/ingest/pipeline.yml | 5 +-
 .../test/es_deprecation-json.800.log | 15 +
 .../es_deprecation-json.800.log-expected.json | 332 ++++++++++++++++++
 5 files changed, 391 insertions(+), 2 deletions(-)
 create mode 100644 filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log
 create mode 100644 filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log-expected.json
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index ec007636b24..2d16d2393a7 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -257,6 +257,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Release Google Cloud module as GA. {pull}17511[17511]
 - Improve ECS categorization field mappings for nats module. {issue}16173[16173] {pull}17550[17550]
 - Enhance `elasticsearch/server` fileset to handle ECS-compatible logs emitted by Elasticsearch. {issue}17715[17715] {pull}17714[17714]
+- Enhance `elasticsearch/deprecation` fileset to handle ECS-compatible logs emitted by Elasticsearch. {issue}17715[17715] {pull}17728[17728]
 - Enhance `elasticsearch/slowlog` fileset to handle ECS-compatible logs emitted by Elasticsearch. {issue}17715[17715] {pull}17729[17729]
 *Heartbeat*
diff --git a/filebeat/module/elasticsearch/deprecation/ingest/pipeline-json.yml b/filebeat/module/elasticsearch/deprecation/ingest/pipeline-json.yml
index 43c9bbdd6e2..69ea1f0f59f 100644
--- a/filebeat/module/elasticsearch/deprecation/ingest/pipeline-json.yml
+++ b/filebeat/module/elasticsearch/deprecation/ingest/pipeline-json.yml
@@ -11,12 +11,42 @@ processors:
 if: ctx.elasticsearch.deprecation.type != 'deprecation'
 - remove:
 field: elasticsearch.deprecation.type
+- dot_expander:
+ field: service.name
+ path: elasticsearch.deprecation
+- rename:
+ field: elasticsearch.deprecation.service.name
+ target_field: service.name
+ ignore_missing: true
 - rename:
 field: elasticsearch.deprecation.level
 target_field: log.level
+ ignore_missing: true
+- dot_expander:
+ field: log.level
+ path: elasticsearch.deprecation
+- rename:
+ field: elasticsearch.deprecation.log.level
+ target_field: log.level
+ ignore_missing: true
+- dot_expander:
+ field: log.logger
+ path: elasticsearch.deprecation
+- rename:
+ field: elasticsearch.deprecation.log.logger
+ target_field: log.logger
+ ignore_missing: true
+- dot_expander:
+ field: process.thread.name
+ path: elasticsearch.deprecation
+- rename:
+ field: elasticsearch.deprecation.process.thread.name
+ target_field: process.thread.name
+ ignore_missing: true
 - rename:
 field: elasticsearch.deprecation.component
 target_field: elasticsearch.component
+ ignore_missing: true
 - dot_expander:
 field: cluster.name
 path: elasticsearch.deprecation
@@ -48,9 +78,17 @@ processors:
 - rename:
 field: elasticsearch.deprecation.message
 target_field: message
-- date:
+- rename:
+ field: elasticsearch.deprecation.@timestamp
+ target_field: '@timestamp'
+ ignore_missing: true
+- rename:
 field: elasticsearch.deprecation.timestamp
 target_field: '@timestamp'
+ ignore_missing: true
+- date:
+ field: '@timestamp'
+ target_field: '@timestamp'
 formats:
 - ISO8601
 ignore_failure: true
diff --git a/filebeat/module/elasticsearch/deprecation/ingest/pipeline.yml b/filebeat/module/elasticsearch/deprecation/ingest/pipeline.yml
index 1fab99c0b16..b306e35498b 100644
--- a/filebeat/module/elasticsearch/deprecation/ingest/pipeline.yml
+++ b/filebeat/module/elasticsearch/deprecation/ingest/pipeline.yml
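Review bot: In the first pipeline-json.yml hunk every rename now carries `ignore_missing: true`, including the two pre-existing ones for `elasticsearch.deprecation.level` and `elasticsearch.deprecation.component`, so an event that has neither the 7.x keys nor the ECS keys passes through without `log.level` and nothing in the document records that. The hunk also gives no hint which processors serve which log format, which makes the two `log.level` renames look like a duplicate. I would add `# 7.x JSON logs: plain "level" / "component" keys` above the legacy renames and `# ECS logs (ES 8.0.0+): dotted keys, expanded under elasticsearch.deprecation first` above the first `dot_expander`. The processors list starts and continues outside this hunk, so a later check for a missing level may exist that I cannot see.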
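Review bot: In the second pipeline-json.yml hunk the raw timestamp string is moved into `@timestamp` before it is parsed, while the `date` processor keeps `ignore_failure: true`, so a value that does not match ISO8601 now stays in `@timestamp` as an unparsed string instead of being left in `elasticsearch.deprecation.timestamp` as before. Depending on the index mapping that likely ends in a rejected document, i.e. a log event lost without a trace. I would replace `ignore_failure: true` with an `on_failure` handler that appends `{{ _ingest.on_failure_message }}` to `error.message`, so the failure is visible on the event. Separately, both renames target `'@timestamp'` and the rename processor throws when the target already exists, so an event carrying both `@timestamp` and `timestamp` would fail on the second rename; an `if` guard on the second one would make the precedence explicit.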
@@ -33,7 +33,10 @@ processors:
 value: "{{elasticsearch.node.name}}"
 if: "ctx?.elasticsearch?.node?.name != null"
 - remove:
- field: elasticsearch.deprecation.timestamp
+ field:
+ - elasticsearch.deprecation.timestamp
+ - elasticsearch.deprecation.@timestamp
+ ignore_missing: true
 - remove:
 field:
 - first_char
diff --git a/filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log b/filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log
new file mode 100644
index 00000000000..888a5d92080
--- /dev/null
+++ b/filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log
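Review bot: The added `ignore_missing: true` on this `remove` also covers the pre-existing `elasticsearch.deprecation.timestamp` entry, so an event that never had a timestamp field no longer fails here and continues silently. Since pipeline-json.yml in this commit renames both timestamp keys away, the two entries appear to matter only for the non-JSON path or after a failed rename; the rest of pipeline.yml is outside the hunk, so I cannot confirm that. A short comment would record the intent, for example `# leftovers only: the JSON sub-pipeline normally moves these into @timestamp`.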
@@ -0,0 +1,15 @@ +{"@timestamp":"2020-04-15T12:35:20.315Z", "log.level": "WARN", "message":"Field parameter [precision] is deprecated and will be removed in a future version." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-15T12:35:20.316Z", "log.level": "WARN", "message":"Field parameter [tree] is deprecated and will be removed in a future version." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-15T12:35:20.366Z", "log.level": "WARN", "message":"Field parameter [precision] is deprecated and will be removed in a future version." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-15T12:35:20.367Z", "log.level": "WARN", "message":"Field parameter [strategy] is deprecated and will be removed in a future version." 
, "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-15T12:35:20.479Z", "log.level": "WARN", "message":"Field parameter [precision] is deprecated and will be removed in a future version." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-15T12:35:20.480Z", "log.level": "WARN", "message":"Field parameter [strategy] is deprecated and will be removed in a future version." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-15T12:35:20.481Z", "log.level": "WARN", "message":"Field parameter [precision] is deprecated and will be removed in a future version." 
, "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-15T12:35:20.487Z", "log.level": "WARN", "message":"Field parameter [strategy] is deprecated and will be removed in a future version." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper","type":"deprecation","cluster.uuid":"a0P-i2H5R9-tJqwtF7BL0A","node.id":"FFMF7MVISuCWZMtxGmcGhg","node.name":"integTest-0","cluster.name":"integTest"} +{"@timestamp":"2020-04-16T13:46:33.582Z", "log.level": "WARN", "message":"[PUT /_xpack/security/user/{username}/_password] is deprecated! Use [PUT /_security/user/{username}/_password] instead." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[n1][http_server_worker][T#3]","log.logger":"org.elasticsearch.deprecation.rest.RestController","type":"deprecation","cluster.uuid":"ZGYecRsDQPK_-ktRec3ZGQ","node.id":"Ni-9zbrZRm24wm7_zNtMTw","node.name":"n1","cluster.name":"es800"} +{"@timestamp":"2020-04-16T13:46:34.219Z", "log.level": "WARN", "message":"[PUT /_xpack/security/user/{username}/_password] is deprecated! Use [PUT /_security/user/{username}/_password] instead." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[n1][http_server_worker][T#4]","log.logger":"org.elasticsearch.deprecation.rest.RestController","type":"deprecation","cluster.uuid":"ZGYecRsDQPK_-ktRec3ZGQ","node.id":"Ni-9zbrZRm24wm7_zNtMTw","node.name":"n1","cluster.name":"es800"} +{"@timestamp":"2020-04-16T13:46:34.339Z", "log.level": "WARN", "message":"[PUT /_xpack/security/user/{username}/_password] is deprecated! 
Use [PUT /_security/user/{username}/_password] instead." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[n1][http_server_worker][T#5]","log.logger":"org.elasticsearch.deprecation.rest.RestController","type":"deprecation","cluster.uuid":"ZGYecRsDQPK_-ktRec3ZGQ","node.id":"Ni-9zbrZRm24wm7_zNtMTw","node.name":"n1","cluster.name":"es800"} +{"@timestamp":"2020-04-16T13:46:34.455Z", "log.level": "WARN", "message":"[PUT /_xpack/security/user/{username}/_password] is deprecated! Use [PUT /_security/user/{username}/_password] instead." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[n1][http_server_worker][T#6]","log.logger":"org.elasticsearch.deprecation.rest.RestController","type":"deprecation","cluster.uuid":"ZGYecRsDQPK_-ktRec3ZGQ","node.id":"Ni-9zbrZRm24wm7_zNtMTw","node.name":"n1","cluster.name":"es800"} +{"@timestamp":"2020-04-16T13:47:36.309Z", "log.level": "WARN", "message":"index name [.apm-custom-link] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices" , "service.name":"ES_ECS","process.thread.name":"elasticsearch[n1][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.cluster.metadata.MetadataCreateIndexService","type":"deprecation","cluster.uuid":"ZGYecRsDQPK_-ktRec3ZGQ","node.id":"Ni-9zbrZRm24wm7_zNtMTw","node.name":"n1","cluster.name":"es800"} +{"@timestamp":"2020-04-16T13:55:56.365Z", "log.level": "WARN", "message":"index name [.monitoring-alerts-7] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices" , "service.name":"ES_ECS","process.thread.name":"elasticsearch[n1][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.deprecation.cluster.metadata.MetadataCreateIndexService","type":"deprecation","cluster.uuid":"ZGYecRsDQPK_-ktRec3ZGQ","node.id":"Ni-9zbrZRm24wm7_zNtMTw","node.name":"n1","cluster.name":"es800"} 
+{"@timestamp":"2020-04-16T13:56:14.697Z", "log.level": "WARN", "message":"[types removal] Using the _type field in queries and aggregations is deprecated, prefer to use a field instead." , "service.name":"ES_ECS","process.thread.name":"elasticsearch[n1][search][T#7]","log.logger":"org.elasticsearch.deprecation.index.query.QueryShardContext","type":"deprecation","cluster.uuid":"ZGYecRsDQPK_-ktRec3ZGQ","node.id":"Ni-9zbrZRm24wm7_zNtMTw","node.name":"n1","cluster.name":"es800"} diff --git a/filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log-expected.json b/filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log-expected.json new file mode 100644 index 00000000000..89f625d1f17 --- /dev/null +++ b/filebeat/module/elasticsearch/deprecation/test/es_deprecation-json.800.log-expected.json 
@@ -0,0 +1,332 @@ +[ + { + "@timestamp": "2020-04-15T12:35:20.315Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", + "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 0, + "message": "Field parameter [precision] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][masterService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-15T12:35:20.316Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", + "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 501, + "message": "Field parameter [tree] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][masterService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-15T12:35:20.366Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", 
+ "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 997, + "message": "Field parameter [precision] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][masterService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-15T12:35:20.367Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", + "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 1498, + "message": "Field parameter [strategy] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][masterService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-15T12:35:20.479Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", + "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + 
"fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 1998, + "message": "Field parameter [precision] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-15T12:35:20.480Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", + "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 2507, + "message": "Field parameter [strategy] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-15T12:35:20.481Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", + "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": 
"org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 3015, + "message": "Field parameter [precision] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-15T12:35:20.487Z", + "elasticsearch.cluster.name": "integTest", + "elasticsearch.cluster.uuid": "a0P-i2H5R9-tJqwtF7BL0A", + "elasticsearch.node.id": "FFMF7MVISuCWZMtxGmcGhg", + "elasticsearch.node.name": "integTest-0", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "FFMF7MVISuCWZMtxGmcGhg", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.mapper.LegacyGeoShapeFieldMapper", + "log.offset": 3524, + "message": "Field parameter [strategy] is deprecated and will be removed in a future version.", + "process.thread.name": "elasticsearch[integTest-0][clusterApplierService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-16T13:46:33.582Z", + "elasticsearch.cluster.name": "es800", + "elasticsearch.cluster.uuid": "ZGYecRsDQPK_-ktRec3ZGQ", + "elasticsearch.node.id": "Ni-9zbrZRm24wm7_zNtMTw", + "elasticsearch.node.name": "n1", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "Ni-9zbrZRm24wm7_zNtMTw", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.rest.RestController", + "log.offset": 4032, + "message": "[PUT /_xpack/security/user/{username}/_password] is deprecated! 
Use [PUT /_security/user/{username}/_password] instead.", + "process.thread.name": "elasticsearch[n1][http_server_worker][T#3]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-16T13:46:34.219Z", + "elasticsearch.cluster.name": "es800", + "elasticsearch.cluster.uuid": "ZGYecRsDQPK_-ktRec3ZGQ", + "elasticsearch.node.id": "Ni-9zbrZRm24wm7_zNtMTw", + "elasticsearch.node.name": "n1", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "Ni-9zbrZRm24wm7_zNtMTw", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.rest.RestController", + "log.offset": 4523, + "message": "[PUT /_xpack/security/user/{username}/_password] is deprecated! Use [PUT /_security/user/{username}/_password] instead.", + "process.thread.name": "elasticsearch[n1][http_server_worker][T#4]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-16T13:46:34.339Z", + "elasticsearch.cluster.name": "es800", + "elasticsearch.cluster.uuid": "ZGYecRsDQPK_-ktRec3ZGQ", + "elasticsearch.node.id": "Ni-9zbrZRm24wm7_zNtMTw", + "elasticsearch.node.name": "n1", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "Ni-9zbrZRm24wm7_zNtMTw", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.rest.RestController", + "log.offset": 5014, + "message": "[PUT /_xpack/security/user/{username}/_password] is deprecated! 
Use [PUT /_security/user/{username}/_password] instead.", + "process.thread.name": "elasticsearch[n1][http_server_worker][T#5]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-16T13:46:34.455Z", + "elasticsearch.cluster.name": "es800", + "elasticsearch.cluster.uuid": "ZGYecRsDQPK_-ktRec3ZGQ", + "elasticsearch.node.id": "Ni-9zbrZRm24wm7_zNtMTw", + "elasticsearch.node.name": "n1", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "Ni-9zbrZRm24wm7_zNtMTw", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.rest.RestController", + "log.offset": 5505, + "message": "[PUT /_xpack/security/user/{username}/_password] is deprecated! Use [PUT /_security/user/{username}/_password] instead.", + "process.thread.name": "elasticsearch[n1][http_server_worker][T#6]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-16T13:47:36.309Z", + "elasticsearch.cluster.name": "es800", + "elasticsearch.cluster.uuid": "ZGYecRsDQPK_-ktRec3ZGQ", + "elasticsearch.node.id": "Ni-9zbrZRm24wm7_zNtMTw", + "elasticsearch.node.name": "n1", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "Ni-9zbrZRm24wm7_zNtMTw", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.cluster.metadata.MetadataCreateIndexService", + "log.offset": 5996, + "message": "index name [.apm-custom-link] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices", + "process.thread.name": "elasticsearch[n1][masterService#updateTask][T#1]", + "service.name": "ES_ECS", + 
"service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-16T13:55:56.365Z", + "elasticsearch.cluster.name": "es800", + "elasticsearch.cluster.uuid": "ZGYecRsDQPK_-ktRec3ZGQ", + "elasticsearch.node.id": "Ni-9zbrZRm24wm7_zNtMTw", + "elasticsearch.node.name": "n1", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "Ni-9zbrZRm24wm7_zNtMTw", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.cluster.metadata.MetadataCreateIndexService", + "log.offset": 6560, + "message": "index name [.monitoring-alerts-7] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices", + "process.thread.name": "elasticsearch[n1][masterService#updateTask][T#1]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + }, + { + "@timestamp": "2020-04-16T13:56:14.697Z", + "elasticsearch.cluster.name": "es800", + "elasticsearch.cluster.uuid": "ZGYecRsDQPK_-ktRec3ZGQ", + "elasticsearch.node.id": "Ni-9zbrZRm24wm7_zNtMTw", + "elasticsearch.node.name": "n1", + "event.category": "database", + "event.dataset": "elasticsearch.deprecation", + "event.kind": "event", + "event.module": "elasticsearch", + "event.type": "info", + "fileset.name": "deprecation", + "host.id": "Ni-9zbrZRm24wm7_zNtMTw", + "input.type": "log", + "log.level": "WARN", + "log.logger": "org.elasticsearch.deprecation.index.query.QueryShardContext", + "log.offset": 7128, + "message": "[types removal] Using the _type field in queries and aggregations is deprecated, prefer to use a field instead.", + "process.thread.name": "elasticsearch[n1][search][T#7]", + "service.name": "ES_ECS", + "service.type": "elasticsearch" + } +] \ No newline at end of file