From 92e877eeb90662aaf4b7d9a2b81c5fdba5987913 Mon Sep 17 00:00:00 2001 
From: kaiyan-sheng Date: Tue, 27 Oct 2020 15:33:36 -0600 Subject: [PATCH 01/14] Rename googlecloud module to gcp module in Filebeat --- filebeat/docs/modules/gcp.asciidoc | 174 ++++++++++++++++++ filebeat/docs/modules_list.asciidoc | 4 +- x-pack/filebeat/filebeat.reference.yml | 14 +- x-pack/filebeat/include/list.go | 2 +- .../{googlecloud => gcp}/_meta/config.yml | 14 +- .../{googlecloud => gcp}/_meta/docs.asciidoc | 0 .../{googlecloud => gcp}/_meta/fields.yml | 0 .../dashboard/filebeat-googlecloud-audit.json | 0 .../audit/_meta/fields.yml | 0 .../audit/config/input.yml | 0 .../audit/config/pipeline.js | 0 .../audit/ingest/pipeline.yml | 0 .../{googlecloud => gcp}/audit/manifest.yml | 0 .../audit/test/audit-log-entries.json.log | 0 .../audit-log-entries.json.log-expected.json | 0 .../module/{googlecloud => gcp}/fields.go | 10 +- .../firewall/_meta/fields.yml | 0 .../firewall/config/input.yml | 0 .../firewall/config/pipeline.js | 0 .../firewall/ingest/pipeline.yml | 0 .../firewall/manifest.yml | 0 .../firewall/test/rare.log | 0 .../firewall/test/rare.log-expected.json | 0 .../firewall/test/test.log | 0 .../firewall/test/test.log-expected.json | 0 .../vpcflow/_meta/fields.yml | 0 .../vpcflow/config/input.yml | 0 .../vpcflow/config/pipeline.js | 0 .../vpcflow/ingest/pipeline.yml | 0 .../{googlecloud => gcp}/vpcflow/manifest.yml | 0 .../test/vpc-flow-log-entries.json.log | 0 ...pc-flow-log-entries.json.log-expected.json | 0 x-pack/filebeat/module/googlecloud/module.yml | 1 + ...glecloud.yml.disabled => gcp.yml.disabled} | 18 +- 34 files changed, 206 insertions(+), 31 deletions(-) create mode 100644 filebeat/docs/modules/gcp.asciidoc rename x-pack/filebeat/module/{googlecloud => gcp}/_meta/config.yml (83%) rename x-pack/filebeat/module/{googlecloud => gcp}/_meta/docs.asciidoc (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/_meta/fields.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json (100%) 
rename x-pack/filebeat/module/{googlecloud => gcp}/audit/_meta/fields.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/config/input.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/config/pipeline.js (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/ingest/pipeline.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/manifest.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/test/audit-log-entries.json.log (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/test/audit-log-entries.json.log-expected.json (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/fields.go (91%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/_meta/fields.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/config/input.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/config/pipeline.js (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/ingest/pipeline.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/manifest.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/rare.log (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/rare.log-expected.json (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/test.log (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/test.log-expected.json (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/_meta/fields.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/config/input.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/config/pipeline.js (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/ingest/pipeline.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/manifest.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/test/vpc-flow-log-entries.json.log (100%) rename 
x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/test/vpc-flow-log-entries.json.log-expected.json (100%) create mode 100644 x-pack/filebeat/module/googlecloud/module.yml rename x-pack/filebeat/modules.d/{googlecloud.yml.disabled => gcp.yml.disabled} (81%) diff --git a/filebeat/docs/modules/gcp.asciidoc b/filebeat/docs/modules/gcp.asciidoc new file mode 100644 index 000000000000..d5e1aad50997 --- /dev/null +++ b/filebeat/docs/modules/gcp.asciidoc 
@@ -0,0 +1,174 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-gcp]] +[role="xpack"] + +:modulename: googlecloud +:has-dashboards: false + +== Google Cloud module + + +This is a module for Google Cloud logs. It supports reading audit, VPC flow, +and firewall logs that have been exported from Stackdriver to a +Google Pub/Sub topic sink. + +include::../include/what-happens.asciidoc[] + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: audit + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `audit` fileset settings + +[role="screenshot"] +image::./images/filebeat-googlecloud-audit.png[] + +Example config: + +[source,yaml] +---- +- module: googlecloud + audit: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-audit + var.subscription_name: filebeat-googlecloud-audit-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. 
+ +:fileset_ex!: + +:fileset_ex: vpcflow + +[float] +==== `vpcflow` fileset settings + +Example config: + +[source,yaml] +---- +- module: googlecloud + vpcflow: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-flowlogs + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. Defaults to `false`, meaning the original message is not saved. + +:fileset_ex!: + +:fileset_ex: firewall + +[float] +==== `firewall` fileset settings + +Example config: + +[source,yaml] +---- +- module: googlecloud + firewall: + enabled: true + var.project_id: my-gcp-project-id + var.topic: googlecloud-vpc-firewall + var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + var.keep_original_message: false +---- + +include::../include/var-paths.asciidoc[] + +*`var.project_id`*:: + +Google Cloud project ID. + +*`var.topic`*:: + +Google Cloud Pub/Sub topic name. + +*`var.subscription_name`*:: + +Google Cloud Pub/Sub topic subscription name. If the subscription does not +exist it will be created. + +*`var.credentials_file`*:: + +Path to a JSON file containing the credentials and key used to subscribe. + +*`var.keep_original_message`*:: + +Flag to control whether the original message is stored in the `log.original` +field. 
Defaults to `false`, meaning the original message is not saved. + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index cd466617a94c..ced7fc7001ca 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -22,7 +22,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> - * <> + * <> * <> * <> * <> @@ -90,7 +90,7 @@ include::modules/elasticsearch.asciidoc[] include::modules/envoyproxy.asciidoc[] include::modules/f5.asciidoc[] include::modules/fortinet.asciidoc[] -include::modules/googlecloud.asciidoc[] +include::modules/gcp.asciidoc[] include::modules/gsuite.asciidoc[] include::modules/haproxy.asciidoc[] include::modules/ibmmq.asciidoc[] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 80bfacbf2c33..32c01ddb88f6 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -799,7 +799,7 @@ filebeat.modules: # var.tz_offset: local #----------------------------- Google Cloud Module ----------------------------- -- module: googlecloud +- module: gcp vpcflow: enabled: true @@ -808,11 +808,11 @@ filebeat.modules: # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. 
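Review bot: In the `@@ -808,11 +808,11 @@` hunk of filebeat.reference.yml the example values of `var.topic` and `var.subscription_name` are renamed along with the module, although they name Pub/Sub resources on the Google Cloud side rather than anything inside Filebeat; the two following hunks of this file and the matching hunks in `_meta/config.yml` and `modules.d/gcp.yml.disabled` do the same. The adjacent comment says Filebeat creates the subscription if it does not exist, so an operator who adopts the new example verbatim would get a fresh subscription, and a new Pub/Sub subscription only receives messages published after it was created, which would leave a gap in the collected audit, firewall and flow logs. I would either keep the old example values or add a migration comment such as `# Existing deployments: keep your current topic and subscription names when switching to the gcp module.`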
@@ -826,11 +826,11 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -844,11 +844,11 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index fe3dd04ad7d9..8b04ab6eb8fd 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -29,7 +29,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/filebeat/module/envoyproxy" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/f5" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/fortinet" - _ "github.com/elastic/beats/v7/x-pack/filebeat/module/googlecloud" + _ "github.com/elastic/beats/v7/x-pack/filebeat/module/gcp" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/gsuite" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/ibmmq" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/imperva" 
diff --git a/x-pack/filebeat/module/googlecloud/_meta/config.yml b/x-pack/filebeat/module/gcp/_meta/config.yml similarity index 83% rename from x-pack/filebeat/module/googlecloud/_meta/config.yml rename to x-pack/filebeat/module/gcp/_meta/config.yml index 7ca54bd84c06..613f8b1b8d12 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/config.yml +++ b/x-pack/filebeat/module/gcp/_meta/config.yml @@ -1,4 +1,4 @@ -- module: googlecloud +- module: gcp vpcflow: enabled: true @@ -7,11 +7,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -25,11 +25,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. 
@@ -43,11 +43,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. diff --git a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc b/x-pack/filebeat/module/gcp/_meta/docs.asciidoc similarity index 100% rename from x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc rename to x-pack/filebeat/module/gcp/_meta/docs.asciidoc diff --git a/x-pack/filebeat/module/googlecloud/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/_meta/fields.yml rename to x-pack/filebeat/module/gcp/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json similarity index 100% rename from x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json rename to x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json diff --git a/x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml b/x-pack/filebeat/module/gcp/audit/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml rename to x-pack/filebeat/module/gcp/audit/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/audit/config/input.yml b/x-pack/filebeat/module/gcp/audit/config/input.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/config/input.yml rename to x-pack/filebeat/module/gcp/audit/config/input.yml 
diff --git a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js b/x-pack/filebeat/module/gcp/audit/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/config/pipeline.js rename to x-pack/filebeat/module/gcp/audit/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/audit/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/audit/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/audit/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/audit/manifest.yml b/x-pack/filebeat/module/gcp/audit/manifest.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/manifest.yml rename to x-pack/filebeat/module/gcp/audit/manifest.yml diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log rename to x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json rename to x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json diff --git a/x-pack/filebeat/module/googlecloud/fields.go b/x-pack/filebeat/module/gcp/fields.go similarity index 91% rename from x-pack/filebeat/module/googlecloud/fields.go rename to x-pack/filebeat/module/gcp/fields.go index 91fb012da25e..87840a3883e6 100644 --- a/x-pack/filebeat/module/googlecloud/fields.go +++ b/x-pack/filebeat/module/gcp/fields.go 
@@ -4,20 +4,20 @@ // Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. -package googlecloud +package gcp import ( "github.com/elastic/beats/v7/libbeat/asset" ) func init() { - if err := asset.SetFields("filebeat", "googlecloud", asset.ModuleFieldsPri, AssetGooglecloud); err != nil { + if err := asset.SetFields("filebeat", "gcp", asset.ModuleFieldsPri, AssetGcp); err != nil { panic(err) } } -// AssetGooglecloud returns asset data. -// This is the base64 encoded gzipped contents of module/googlecloud. -func AssetGooglecloud() string { +// AssetGcp returns asset data. +// This is the base64 encoded gzipped contents of module/gcp. +func AssetGcp() string { return "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" } diff --git a/x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml b/x-pack/filebeat/module/gcp/firewall/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml rename to x-pack/filebeat/module/gcp/firewall/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml b/x-pack/filebeat/module/gcp/firewall/config/input.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/config/input.yml rename to x-pack/filebeat/module/gcp/firewall/config/input.yml diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js rename to x-pack/filebeat/module/gcp/firewall/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/firewall/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/firewall/ingest/pipeline.yml 
diff --git a/x-pack/filebeat/module/googlecloud/firewall/manifest.yml b/x-pack/filebeat/module/gcp/firewall/manifest.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/manifest.yml rename to x-pack/filebeat/module/gcp/firewall/manifest.yml diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log b/x-pack/filebeat/module/gcp/firewall/test/rare.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/rare.log rename to x-pack/filebeat/module/gcp/firewall/test/rare.log diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json rename to x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log b/x-pack/filebeat/module/gcp/firewall/test/test.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/test.log rename to x-pack/filebeat/module/gcp/firewall/test/test.log diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json rename to x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml b/x-pack/filebeat/module/gcp/vpcflow/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml rename to x-pack/filebeat/module/gcp/vpcflow/_meta/fields.yml 
diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml rename to x-pack/filebeat/module/gcp/vpcflow/config/input.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js rename to x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/vpcflow/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/vpcflow/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml rename to x-pack/filebeat/module/gcp/vpcflow/manifest.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log rename to x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json rename to x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json 
diff --git a/x-pack/filebeat/module/googlecloud/module.yml b/x-pack/filebeat/module/googlecloud/module.yml new file mode 100644 index 000000000000..e5d6de048869 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/module.yml @@ -0,0 +1 @@ +movedTo: gcp diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled similarity index 81% rename from x-pack/filebeat/modules.d/googlecloud.yml.disabled rename to x-pack/filebeat/modules.d/gcp.yml.disabled index 9bf81802677a..330c7d375e17 100644 --- a/x-pack/filebeat/modules.d/googlecloud.yml.disabled +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled @@ -1,7 +1,7 @@ -# Module: googlecloud -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-googlecloud.html +# Module: gcp +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-gcp.html -- module: googlecloud +- module: gcp vpcflow: enabled: true @@ -10,11 +10,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. 
@@ -28,11 +28,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -46,11 +46,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. From 265882e2463aba7c7be245064b241f0492369f87 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Wed, 28 Oct 2020 07:48:02 -0600 Subject: [PATCH 02/14] Add googlecloud.yml.disabled back --- x-pack/filebeat/filebeat.reference.yml | 56 +++ .../module/googlecloud/_meta/config.yml | 54 +++ .../googlecloud/audit/config/pipeline.js | 315 +++++++++++++++++ .../googlecloud/firewall/config/pipeline.js | 331 ++++++++++++++++++ .../googlecloud/vpcflow/config/pipeline.js | 259 ++++++++++++++ .../modules.d/googlecloud.yml.disabled | 57 +++ 6 files changed, 1072 insertions(+) create mode 100644 x-pack/filebeat/module/googlecloud/_meta/config.yml create mode 100644 x-pack/filebeat/module/googlecloud/audit/config/pipeline.js create mode 100644 x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js create mode 100644 x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js create mode 100644 x-pack/filebeat/modules.d/googlecloud.yml.disabled 
diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
index 32c01ddb88f6..a86809a1fbbc 100644
--- a/x-pack/filebeat/filebeat.reference.yml
+++ b/x-pack/filebeat/filebeat.reference.yml
@@ -854,6 +854,62 @@ filebeat.modules: # the subscription. var.credentials_file: ${path.config}/gcp-service-account-xyz.json +#----------------------------- Googlecloud Module ----------------------------- +- module: googlecloud + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: googlecloud-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: googlecloud-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-googlecloud-audit + + # Credentials file for the service account with authorization to read from + # the subscription. 
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json + #-------------------------------- Gsuite Module -------------------------------- - module: gsuite saml: diff --git a/x-pack/filebeat/module/googlecloud/_meta/config.yml b/x-pack/filebeat/module/googlecloud/_meta/config.yml new file mode 100644 index 000000000000..7ca54bd84c06 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/_meta/config.yml 
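Review bot: Under `audit:` the added comment still reads `# Google Pub/Sub topic containing firewall logs.` and `# configured to use this topic as a sink for firewall logs.`, apparently copied from the `firewall:` block above it, while the value on the next line is `googlecloud-vpc-audit`. It should read `# Google Pub/Sub topic containing audit logs. Stackdriver must be` and `# configured to use this topic as a sink for audit logs.`, so that nobody wires the audit fileset to the firewall sink. The new `_meta/config.yml` in this commit carries the same two lines, and `modules.d/googlecloud.yml.disabled` presumably does too, although its hunk is not visible here.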
@@ -0,0 +1,54 @@
+- module: googlecloud
+ vpcflow:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be
+ # configured to use this topic as a sink for VPC flow logs.
+ var.topic: googlecloud-vpc-flowlogs
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+
+ firewall:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing firewall logs. Stackdriver must be
+ # configured to use this topic as a sink for firewall logs.
+ var.topic: googlecloud-vpc-firewall
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-googlecloud-firewall-sub
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+
+ audit:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing firewall logs. Stackdriver must be
+ # configured to use this topic as a sink for firewall logs.
+ var.topic: googlecloud-vpc-audit
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-googlecloud-audit
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
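Review bot: The comment on `var.credentials_file` describes a service account `with authorization to read from the subscription`, but the comment on `var.subscription_name` just above it says Filebeat will create the subscription when it is missing, and creating one needs more than read access. As written, the easiest way to make the example work is to hand the key a broad Pub/Sub role. I would document the least-privilege setup in all three filesets, for example `# Pre-create the subscription and grant the service account only the permissions needed to consume from it.`, and add that the JSON key file should be readable only by the user Filebeat runs as. The same comments appear in the filebeat.reference.yml hunk of this commit.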
diff --git a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js b/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js
new file mode 100644
index 000000000000..a24bd6219340
--- /dev/null
+++ b/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js
@@ -0,0 +1,315 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+function Audit(keep_original_message) {
+ var processor = require("processor");
+
+ // The pub/sub input writes the Stackdriver LogEntry object into the message
+ // field. The message needs decoded as JSON.
+ var decodeJson = new processor.DecodeJSONFields({
+ fields: ["message"],
+ target: "json",
+ });
+
+ // Set @timetamp the LogEntry's timestamp.
+ var parseTimestamp = new processor.Timestamp({
+ field: "json.timestamp",
+ timezone: "UTC",
+ layouts: ["2006-01-02T15:04:05.999999999Z07:00"],
+ tests: ["2019-06-14T03:50:10.845445834Z"],
+ ignore_missing: true,
+ });
+
+ var saveOriginalMessage = function(evt) {};
+ if (keep_original_message) {
+ saveOriginalMessage = new processor.Convert({
+ fields: [
+ {from: "message", to: "event.original"}
+ ],
+ mode: "rename"
+ });
+ }
+
+ var dropPubSubFields = function(evt) {
+ evt.Delete("message");
+ };
+
+ var saveMetadata = new processor.Convert({
+ fields: [
+ {from: "json.logName", to: "log.logger"},
+ {from: "json.insertId", to: "event.id"},
+ ],
+ ignore_missing: true
+ });
+
+ // Use the monitored resource type's labels to set the cloud metadata.
+ // The labels can vary based on the resource.type.
+ // https://cloud.google.com/logging/docs/reference/v2/rest/v2/MonitoredResource
+ var setCloudMetadata = new processor.Convert({
+ fields: [
+ {
+ from: "json.resource.labels.project_id",
+ to: "cloud.project.id",
+ type: "string"
+ },
+ {
+ from: "json.resource.labels.instance_id",
+ to: "cloud.instance.id",
+ type: "string"
+ }
+ ],
+ ignore_missing: true,
+ fail_on_error: false,
+ });
+
+ // The log includes a protoPayload field.
+ // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry
+ var convertLogEntry = new processor.Convert({
+ fields: [
+ {from: "json.protoPayload", to: "json"},
+ ],
+ mode: "rename",
+ });
+
+ // The LogEntry's protoPayload is moved to the json field. The protoPayload
+ // contains the structured audit log fields.
+ // https://cloud.google.com/logging/docs/reference/audit/auditlog/rest/Shared.Types/AuditLog
+ var convertProtoPayload = new processor.Convert({
+ fields: [
+ {
+ from: "json.@type",
+ to: "googlecloud.audit.type",
+ type: "string"
+ },
+ {
+ from: "json.authenticationInfo.principalEmail",
+ to: "googlecloud.audit.authentication_info.principal_email",
+ type: "string"
+ },
+ {
+ from: "json.authenticationInfo.authoritySelector",
+ to: "googlecloud.audit.authentication_info.authority_selector",
+ type: "string"
+ },
+ {
+ from: "json.authorizationInfo",
+ to: "googlecloud.audit.authorization_info"
+ // Type is an array of objects.
+ },
+ {
+ from: "json.methodName",
+ to: "googlecloud.audit.method_name",
+ type: "string",
+ },
+ {
+ from: "json.numResponseItems",
+ to: "googlecloud.audit.num_response_items",
+ type: "long"
+ },
+ {
+ from: "json.request.@type",
+ to: "googlecloud.audit.request.proto_name",
+ type: "string"
+ },
+ // The values in the request object will depend on the proto type.
+ // So be very careful about making any assumptions about data shape.
+ { + from: "json.request.filter", + to: "googlecloud.audit.request.filter", + type: "string" + }, + { + from: "json.request.name", + to: "googlecloud.audit.request.name", + type: "string" + }, + { + from: "json.request.resourceName", + to: "googlecloud.audit.request.resource_name", + type: "string" + }, + { + from: "json.requestMetadata.callerIp", + to: "googlecloud.audit.request_metadata.caller_ip", + type: "ip" + }, + { + from: "json.requestMetadata.callerSuppliedUserAgent", + to: "googlecloud.audit.request_metadata.caller_supplied_user_agent", + type: "string", + }, + { + from: "json.response.@type", + to: "googlecloud.audit.response.proto_name", + type: "string" + }, + // The values in the response object will depend on the proto type. + // So be very careful about making any assumptions about data shape. + { + from: "json.response.status", + to: "googlecloud.audit.response.status", + type: "string" + }, + { + from: "json.response.details.group", + to: "googlecloud.audit.response.details.group", + type: "string" + }, + { + from: "json.response.details.kind", + to: "googlecloud.audit.response.details.kind", + type: "string" + }, + { + from: "json.response.details.name", + to: "googlecloud.audit.response.details.name", + type: "string" + }, + { + from: "json.response.details.uid", + to: "googlecloud.audit.response.details.uid", + type: "string", + }, + { + from: "json.resourceName", + to: "googlecloud.audit.resource_name", + type: "string", + }, + { + from: "json.resourceLocation.currentLocations", + to: "googlecloud.audit.resource_location.current_locations" + // Type is a string array. 
+ }, + { + from: "json.serviceName", + to: "googlecloud.audit.service_name", + type: "string", + }, + { + from: "json.status.code", + to: "googlecloud.audit.status.code", + type: "integer", + }, + { + from: "json.status.message", + to: "googlecloud.audit.status.message", + type: "string" + }, + ], + mode: "rename", + ignore_missing: true, + fail_on_error: false, + }); + + // Copy some fields + var copyFields = new processor.Convert({ + fields: [ + { + from: "googlecloud.audit.request_metadata.caller_ip", + to: "source.ip", + type: "ip" + }, + { + from: "googlecloud.audit.authentication_info.principal_email", + to: "user.email", + type: "string" + }, + { + from: "googlecloud.audit.service_name", + to: "service.name", + type: "string" + }, + { + from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", + to: "user_agent.original", + type: "string" + }, + { + from: "googlecloud.audit.method_name", + to: "event.action", + type: "string" + }, + ], + ignore_missing: true, + fail_on_error: false, + }); + + // Drop extra fields + var dropExtraFields = function(evt) { + evt.Delete("json"); + }; + + // Rename nested fields. + var renameNestedFields = function(evt) { + var arr = evt.Get("googlecloud.audit.authorization_info"); + if (Array.isArray(arr)) { + for (var i = 0; i < arr.length; i++) { + if (arr[i].resourceAttributes) { + // Convert to snake_case. + arr[i].resource_attributes = arr[i].resourceAttributes; + delete arr[i].resourceAttributes; + } + } + } + }; + + // Set ECS categorization fields. + var setECSCategorization = function(evt) { + evt.Put("event.kind", "event"); + + // google.rpc.Code value for OK is 0. + if (evt.Get("googlecloud.audit.status.code") === 0) { + evt.Put("event.outcome", "success"); + return; + } + + // Try to use authorization_info.granted when there was no status code. 
+ if (evt.Get("googlecloud.audit.status.code") == null) { + var authorization_info = evt.Get("googlecloud.audit.authorization_info"); + if (Array.isArray(authorization_info) && authorization_info.length === 1) { + if (authorization_info[0].granted === true) { + evt.Put("event.outcome", "success"); + } else if (authorization_info[0].granted === false) { + evt.Put("event.outcome", "failure"); + } + return + } + + evt.Put("event.outcome", "unknown"); + return; + } + + evt.Put("event.outcome", "failure"); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(saveOriginalMessage) + .Add(dropPubSubFields) + .Add(saveMetadata) + .Add(setCloudMetadata) + .Add(convertLogEntry) + .Add(convertProtoPayload) + .Add(copyFields) + .Add(dropExtraFields) + .Add(renameNestedFields) + .Add(setECSCategorization) + .Build(); + + return { + process: pipeline.Run, + }; +} + +var audit; + +// Register params from configuration. +function register(params) { + audit = new Audit(params.keep_original_message); +} + +function process(evt) { + return audit.process(evt); +} diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js b/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js new file mode 100644 index 000000000000..b059233ad4f1 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js 
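Review bot: In `setECSCategorization`, the branch for a missing status code sets `event.outcome` only when `authorization_info` has exactly one entry whose `granted` is a boolean. A single entry without `granted` returns with no outcome at all, and a request with several entries is labelled `unknown` even when one of them has `granted === false`. Searches and alerts keyed on `event.outcome: failure` would then miss denied calls that carry more than one permission check. Walking every entry and always writing an outcome, as sketched below, closes both gaps; the bare `return` in that branch is also missing its semicolon.

```javascript
// … unchanged: event.kind and the status.code === 0 case …
if (evt.Get("googlecloud.audit.status.code") == null) {
  var authorization_info = evt.Get("googlecloud.audit.authorization_info");
  var outcome = "unknown";
  if (Array.isArray(authorization_info) && authorization_info.length > 0) {
    var denied = false;
    var allGranted = true;
    for (var i = 0; i < authorization_info.length; i++) {
      var granted = authorization_info[i] && authorization_info[i].granted;
      if (granted === false) {
        denied = true;
      }
      if (granted !== true) {
        allGranted = false;
      }
    }
    if (denied) {
      outcome = "failure";
    } else if (allGranted) {
      outcome = "success";
    }
  }
  evt.Put("event.outcome", outcome);
  return;
}
// … unchanged: fall-through to "failure" for a non-zero status code …
```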
@@ -0,0 +1,331 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +var processor = require("processor"); +var console = require("console"); + +// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) +// +// Processor that sets _to_ field from a mapping of _from_ field's value. +function makeMapper(options) { + return function (evt) { + var key = evt.Get(options.from); + var value = options.default; + if (key in options.mappings) { + value = options.mappings[key]; + } + if (value != null) { + evt.Put(options.to, value); + } + }; +} + +// makeConditional({condition:expr, result1:processor|expr, [...]}) +// +// Processor that selects which processor to run depending on the result of +// evaluating a _condition_. Result can be boolean (if-else equivalent) or any +// other value (switch equivalent). Unspecified values are a no-op. +function makeConditional(options) { + return function (evt) { + var branch = options[options.condition(evt)] || function(evt){}; + return (typeof branch === "function" ? branch : branch.Run)(evt); + }; +} + +// logEvent(msg) +// +// Processor that logs the current value of evt to console.debug. +function makeLogEvent(msg) { + return function (evt) { + console.debug(msg + " :" + JSON.stringify(evt, null, 4)); + }; +} + +// PipelineBuilder to aid debugging of pipelines during development. 
+function PipelineBuilder(pipelineName, debug) { + this.pipeline = new processor.Chain(); + this.add = function (processor) { + this.pipeline = this.pipeline.Add(processor); + }; + this.Add = function (name, processor) { + this.add(processor); + if (debug) { + this.add(makeLogEvent("after " + pipelineName + "/" + name)); + } + }; + this.Build = function () { + if (debug) { + this.add(makeLogEvent(pipelineName + "processing done")); + } + return this.pipeline.Build(); + }; + if (debug) { + this.add(makeLogEvent(pipelineName + ": begin processing event")); + } +} + +function FirewallProcessor(keep_original_message, debug) { + var builder = new PipelineBuilder("firewall", debug); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + builder.Add("decodeJson", new processor.DecodeJSONFields({ + fields: ["message"], + target: "json" + })); + + // Set @timestamp to the LogEntry's timestamp. + builder.Add("parseTimestamp", new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true + })); + + if (keep_original_message) { + builder.Add("saveOriginalMessage", new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + })); + } + + builder.Add("dropPubSubFields", function(evt) { + evt.Delete("message"); + evt.Delete("labels"); + }); + + builder.Add("categorizeEvent", new processor.AddFields({ + target: "event", + fields: { + kind: "event", + category: "network", + type: "connection", + action: "firewall-rule" + }, + })); + + builder.Add("saveMetadata", new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.resource.labels.subnetwork_name", to: "network.name"}, + {from: "json.insertId", to: "event.id"} + ], + ignore_missing: true + })); + + // Firewall logs are structured so the LogEntry 
includes a jsonPayload field. + // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + // The LogEntry's jsonPayload is moved to the json field. The jsonPayload + // contains the structured VPC flow log fields. + builder.Add("convertLogEntry", new processor.Convert({ + fields: [ + {from: "json.jsonPayload", to: "json"}, + ], + mode: "rename" + })); + + builder.Add("addType", function(evt) { + var disp = evt.Get("json.disposition"); + if (disp != null) { + evt.AppendTo("event.type", disp.toLowerCase()); + } + }); + + builder.Add("addDirection", makeMapper({ + from: "json.rule_details.direction", + to: "network.direction", + mappings: { + INGRESS: "inbound", + EGRESS: "outbound" + }, + default: "unknown" + })); + + builder.Add("conditionalRename", makeConditional({ + condition: function(evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.src_vpc"}, + {from: "json.instance", to: "json.src_instance"}, + {from: "json.location", to: "json.src_location"}, + {from: "json.remote_vpc", to: "json.dest_vpc"}, + {from: "json.remote_instance", to: "json.dest_instance"}, + {from: "json.remote_location", to: "json.dest_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }), + + INGRESS: processor.Convert({ + fields: [ + {from: "json.vpc", to: "json.dest_vpc"}, + {from: "json.instance", to: "json.dest_instance"}, + {from: "json.location", to: "json.dest_location"}, + {from: "json.remote_vpc", to: "json.src_vpc"}, + {from: "json.remote_instance", to: "json.src_instance"}, + {from: "json.remote_location", to: "json.src_location"} + ], + mode: "rename", + fail_on_error: false, + ignore_missing: true + }) + })); + + // Set network.iana_number from connection.protocol, converting it to long + // and ignoring the failure if it's not numeric. 
+ builder.Add("ianaNumber", new processor.Convert({ + fields: [{ + from: "json.connection.protocol", + to: "network.iana_number", + type: "long" + }], + fail_on_error: false + })); + + // Set network.transport from iana_number. GCP Firewall only supports + // logging of tcp and udp connections, added icmp just in case as it's the + // other protocol supported by firewall rules. + builder.Add("transportFromIANA", makeMapper({ + from: "network.iana_number", + to: "network.transport", + mappings: { + 1: "icmp", + 6: "tcp", + 17: "udp" + } + })); + + builder.Add("convertJsonPayload", new processor.Convert({ + fields: [ + {from: "json.connection.dest_ip", to: "destination.address"}, + {from: "json.connection.dest_port", to: "destination.port", type: "long"}, + {from: "json.connection.src_ip", to: "source.address"}, + {from: "json.connection.src_port", to: "source.port", type: "long"}, + + {from: "json.src_instance.vm_name", to: "source.domain"}, + {from: "json.dest_instance.vm_name", to: "destination.domain"}, + + {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, + {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, + {from: "json.dest_location.country", to: "destination.geo.country_name"}, + {from: "json.dest_location.region", to: "destination.geo.region_name"}, + {from: "json.dest_location.city", to: "destination.geo.city_name"}, + + {from: "json.src_location.asn", to: "source.as.number", type: "long"}, + {from: "json.src_location.continent", to: "source.geo.continent_name"}, + {from: "json.src_location.country", to: "source.geo.country_name"}, + {from: "json.src_location.region", to: "source.geo.region_name"}, + {from: "json.src_location.city", to: "source.geo.city_name"}, + + {from: "json.dest_instance", to: "googlecloud.destination.instance"}, + {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, + {from: "json.src_instance", to: "googlecloud.source.instance"}, + {from: "json.src_vpc", to: 
"googlecloud.source.vpc"}, + {from: "json.rule_details.reference", to: "rule.name"}, + {from: "json", to: "googlecloud.firewall"}, + ], + mode: "rename", + ignore_missing: true, + fail_on_error: false + })); + + // Delete emtpy object's whose fields have been renamed leaving them childless. + builder.Add("dropEmptyObjects", function (evt) { + evt.Delete("googlecloud.firewall.connection"); + evt.Delete("googlecloud.firewall.dest_location"); + evt.Delete("googlecloud.firewall.disposition"); + evt.Delete("googlecloud.firewall.src_location"); + }); + + // Copy the source/destination.address to source/destination.ip if they are + // valid IP addresses. + builder.Add("copyAddressFields", new processor.Convert({ + fields: [ + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "destination.address", to: "destination.ip", type: "ip"} + ], + fail_on_error: false + })); + + builder.Add("setCloudMetadata", makeConditional({ + condition: function (evt) { + return evt.Get("json.rule_details.direction"); + }, + EGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.source.instance.region", to: "cloud.region"}, + {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"} + ], + ignore_missing: true + }), + + INGRESS: new processor.Convert({ + fields: [ + {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.destination.instance.region", to: "cloud.region"}, + {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true + }) + })); + + builder.Add("communityId", new 
processor.CommunityID({ + fields: { + transport: "network.iana_number" + } + })); + + builder.Add("setInternalDirection", function(event) { + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); + if (srcInstance && destInstance) { + event.Put("network.direction", "internal"); + } + }); + + builder.Add("setNetworkType", function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }); + + builder.Add("setRelatedIP", function(event) { + event.AppendTo("related.ip", event.Get("source.ip")); + event.AppendTo("related.ip", event.Get("destination.ip")); + }); + + var chain = builder.Build(); + return { + process: chain.Run + }; +} + +var firewall; + +// Register params from configuration. +function register(params) { + firewall = new FirewallProcessor(params.keep_original_message, params.debug); +} + +function process(evt) { + return firewall.process(evt); +} diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js new file mode 100644 index 000000000000..dd7e3e0ea7ed --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js 
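Review bot: The `setCloudMetadata` condition reads `evt.Get("json.rule_details.direction")`, but it runs after `convertJsonPayload` has renamed `json` to `googlecloud.firewall`. As far as this hunk shows, the lookup then finds nothing and neither Convert branch runs, so `cloud.project.id`, `cloud.instance.name`, `cloud.region` and `cloud.availability_zone` stay unset on firewall events. Reading the field where it lives at that point, `return evt.Get("googlecloud.firewall.rule_details.direction");`, would restore the attribution. Separately, `makeMapper` tests `key in options.mappings` with a key taken from the log record, and `in` also matches inherited property names; `Object.prototype.hasOwnProperty.call(options.mappings, key)` keeps the lookup to the declared mappings. `conditionalRename` also calls `processor.Convert(...)` without `new`, unlike every other use in the file.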
@@ -0,0 +1,259 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +function VPCFlow(keep_original_message) { + var processor = require("processor"); + + // The pub/sub input writes the Stackdriver LogEntry object into the message + // field. The message needs decoded as JSON. + var decodeJson = new processor.DecodeJSONFields({ + fields: ["message"], + target: "json", + }); + + // Set @timetamp the LogEntry's timestamp. + var parseTimestamp = new processor.Timestamp({ + field: "json.timestamp", + timezone: "UTC", + layouts: ["2006-01-02T15:04:05.999999999Z07:00"], + tests: ["2019-06-14T03:50:10.845445834Z"], + ignore_missing: true, + }); + + var saveOriginalMessage = function(evt) {}; + if (keep_original_message) { + saveOriginalMessage = new processor.Convert({ + fields: [ + {from: "message", to: "event.original"} + ], + mode: "rename" + }); + } + + var dropPubSubFields = function(evt) { + evt.Delete("message"); + evt.Delete("labels"); + }; + + var categorizeEvent = new processor.AddFields({ + target: "event", + fields: { + kind: "event", + category: "network", + type: "connection", + }, + }); + + + var saveMetadata = new processor.Convert({ + fields: [ + {from: "json.logName", to: "log.logger"}, + {from: "json.insertId", to: "event.id"}, + ], + ignore_missing: true + }); + + // Use the LogEntry object's timestamp. VPC flow logs are structured so the + // LogEntry includes a jsonPayload field. + // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry + var convertLogEntry = new processor.Convert({ + fields: [ + {from: "json.jsonPayload", to: "json"}, + ], + mode: "rename", + }); + + // The LogEntry's jsonPayload is moved to the json field. The jsonPayload + // contains the structured VPC flow log fields. 
+ // https://cloud.google.com/vpc/docs/using-flow-logs#record_format + var convertJsonPayload = new processor.Convert({ + fields: [ + {from: "json.connection.dest_ip", to: "destination.address"}, + {from: "json.connection.dest_port", to: "destination.port", type: "long"}, + {from: "json.connection.protocol", to: "network.iana_number", type: "string"}, + {from: "json.connection.src_ip", to: "source.address"}, + {from: "json.connection.src_port", to: "source.port", type: "long"}, + + {from: "json.src_instance.vm_name", to: "source.domain"}, + {from: "json.dest_instance.vm_name", to: "destination.domain"}, + + {from: "json.bytes_sent", to: "source.bytes", type: "long"}, + {from: "json.packets_sent", to: "source.packets", type: "long"}, + + {from: "json.start_time", to: "event.start"}, + {from: "json.end_time", to: "event.end"}, + + {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, + {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, + {from: "json.dest_location.country", to: "destination.geo.country_name"}, + {from: "json.dest_location.region", to: "destination.geo.region_name"}, + {from: "json.dest_location.city", to: "destination.geo.city_name"}, + + {from: "json.src_location.asn", to: "source.as.number", type: "long"}, + {from: "json.src_location.continent", to: "source.geo.continent_name"}, + {from: "json.src_location.country", to: "source.geo.country_name"}, + {from: "json.src_location.region", to: "source.geo.region_name"}, + {from: "json.src_location.city", to: "source.geo.city_name"}, + + {from: "json.dest_instance", to: "googlecloud.destination.instance"}, + {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, + {from: "json.src_instance", to: "googlecloud.source.instance"}, + {from: "json.src_vpc", to: "googlecloud.source.vpc"}, + + {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"}, + {from: "json", to: "googlecloud.vpcflow"}, + ], + mode: "rename", + ignore_missing: true, + }); + + // 
Delete emtpy object's whose fields have been renamed leaving them childless. + var dropEmptyObjects = function (evt) { + evt.Delete("googlecloud.vpcflow.connection"); + evt.Delete("googlecloud.vpcflow.dest_location"); + evt.Delete("googlecloud.vpcflow.src_location"); + }; + + // Copy the source/destination.address to source/destination.ip if they are + // valid IP addresses. + var copyAddressFields = new processor.Convert({ + fields: [ + {from: "source.address", to: "source.ip", type: "ip"}, + {from: "destination.address", to: "destination.ip", type: "ip"}, + ], + fail_on_error: false, + }); + + var setCloudFromDestInstance = new processor.Convert({ + fields: [ + {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.destination.instance.region", to: "cloud.region"}, + {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true, + }); + + var setCloudFromSrcInstance = new processor.Convert({ + fields: [ + {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, + {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "googlecloud.source.instance.region", to: "cloud.region"}, + {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, + {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"}, + ], + ignore_missing: true, + }); + + // Set the cloud metadata fields based on the instance that reported the + // event. 
+ var setCloudMetadata = function(evt) { + var reporter = evt.Get("googlecloud.vpcflow.reporter"); + + if (reporter === "DEST") { + setCloudFromDestInstance.Run(evt); + } else if (reporter === "SRC") { + setCloudFromSrcInstance.Run(evt); + } + }; + + var communityId = new processor.CommunityID({ + fields: { + transport: "network.iana_number", + } + }); + + // VPC flows are unidirectional so we only have to worry about copy the + // source.bytes/packets over to network.bytes/packets. + var setNetworkBytesPackets = new processor.Convert({ + fields: [ + {from: "source.bytes", to: "network.bytes"}, + {from: "source.packets", to: "network.packets"}, + ], + ignore_missing: true, + }); + + // VPC flow logs are reported for TCP and UDP traffic only so handle these + // protocols' IANA numbers. + var setNetworkTransport = function(event) { + var ianaNumber = event.Get("network.iana_number"); + switch (ianaNumber) { + case "6": + event.Put("network.transport", "tcp"); + break; + case "17": + event.Put("network.transport", "udp"); + break; + } + }; + + var setNetworkDirection = function(event) { + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); + var direction = "unknown"; + + if (srcInstance && destInstance) { + direction = "internal"; + } else if (srcInstance) { + direction = "outbound"; + } else if (destInstance) { + direction = "inbound"; + } + event.Put("network.direction", direction); + }; + + var setNetworkType = function(event) { + var ip = event.Get("source.ip"); + if (!ip) { + return; + } + + if (ip.indexOf(".") !== -1) { + event.Put("network.type", "ipv4"); + } else { + event.Put("network.type", "ipv6"); + } + }; + + var setRelatedIP = function(event) { + event.AppendTo("related.ip", event.Get("source.ip")); + event.AppendTo("related.ip", event.Get("destination.ip")); + }; + + var pipeline = new processor.Chain() + .Add(decodeJson) + .Add(parseTimestamp) + .Add(saveOriginalMessage) + 
.Add(dropPubSubFields) + .Add(categorizeEvent) + .Add(saveMetadata) + .Add(convertLogEntry) + .Add(convertJsonPayload) + .Add(dropEmptyObjects) + .Add(copyAddressFields) + .Add(setCloudMetadata) + .Add(communityId) + .Add(setNetworkBytesPackets) + .Add(setNetworkTransport) + .Add(setNetworkDirection) + .Add(setNetworkType) + .Add(setRelatedIP) + .Build(); + + return { + process: pipeline.Run, + }; +} + +var vpcflow; + +// Register params from configuration. +function register(params) { + vpcflow = new VPCFlow(params.keep_original_message); +} + +function process(evt) { + return vpcflow.process(evt); +} diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/googlecloud.yml.disabled new file mode 100644 index 000000000000..9bf81802677a --- /dev/null +++ b/x-pack/filebeat/modules.d/googlecloud.yml.disabled 
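Review bot: `convertJsonPayload` sets `ignore_missing: true` but not `fail_on_error: false`, unlike `copyAddressFields` in this file and the firewall pipeline's `convertJsonPayload`. With Convert's default of failing on a type-conversion error, one record with an unexpected value in a `long` field such as `json.connection.dest_port` or `json.src_location.asn` would presumably keep none of the renamed ECS fields. Anything that searches on `source.ip` or `destination.port` would then miss that flow. Adding `fail_on_error: false,` after `ignore_missing: true,` would match the firewall pipeline. `setRelatedIP` also appends `event.Get("source.ip")` and `event.Get("destination.ip")` without checking that they are set, although `setNetworkType` just above guards for a missing `source.ip`.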
@@ -0,0 +1,57 @@
+# Module: googlecloud
+# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-googlecloud.html
+
+- module: googlecloud
+ vpcflow:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be
+ # configured to use this topic as a sink for VPC flow logs.
+ var.topic: googlecloud-vpc-flowlogs
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+
+ firewall:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing firewall logs. Stackdriver must be
+ # configured to use this topic as a sink for firewall logs.
+ var.topic: googlecloud-vpc-firewall
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-googlecloud-firewall-sub
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+
+ audit:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing firewall logs. Stackdriver must be
+ # configured to use this topic as a sink for firewall logs.
+ var.topic: googlecloud-vpc-audit
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-googlecloud-audit
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
From cfb3d1f8edf09b4da89fe6bbb6e7f3770de88c02 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Wed, 28 Oct 2020 14:47:36 -0600 Subject: [PATCH 03/14] fix visualization names --- .../dashboard/filebeat-googlecloud-audit.json | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json index b87e6793afbc..0c6cc78c153d 100644 --- a/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json +++ b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json @@ -120,7 +120,7 @@ } ], "timeRestore": false, - "title": "[Filebeat GoogleCloud] Audit", + "title": "[Filebeat GCP] Audit", "version": 1 }, "id": "6576c480-73a2-11ea-a345-f985c61fe654", 
@@ -198,9 +198,9 @@ "type": "Polygon" }, "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:googlecloud.audit\",\"language\":\"kuery\"}}]", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:gcp.audit\",\"language\":\"kuery\"}}]", "mapStateJSON": "{\"zoom\":1.97,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}", - "title": "Audit Source Locations [Filebeat 
GoogleCloud]", + "title": "Audit Source Locations [Filebeat GCP]", "uiStateJSON": { "isLayerTOCOpen": true, "openTOCDetails": [] @@ -231,7 +231,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Events Outcome over time [Filebeat GoogleCloud]", + "title": "Audit Events Outcome over time [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -356,7 +356,7 @@ } ] }, - "title": "Audit Event Outcome over time [Filebeat GoogleCloud]", + "title": "Audit Event Outcome over time [Filebeat GCP]", "type": "histogram" } }, @@ -388,7 +388,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Event Action [Filebeat GoogleCloud]", + "title": "Audit Event Action [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -430,7 +430,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit Event Action [Filebeat GoogleCloud]", + "title": "Audit Event Action [Filebeat GCP]", "type": "pie" } }, @@ -462,7 +462,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Top User Email [Filebeat GoogleCloud]", + "title": "Audit Top User Email [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -498,7 +498,7 @@ "scale": "linear", "showLabel": true }, - "title": "Audit Top User Email [Filebeat GoogleCloud]", + "title": "Audit Top User Email [Filebeat GCP]", "type": "tagcloud" } }, @@ -530,7 +530,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit User Agent [Filebeat GoogleCloud]", + "title": "Audit User Agent [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -572,7 +572,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit User Agent [Filebeat GoogleCloud]", + "title": "Audit User Agent [Filebeat GCP]", "type": "pie" } }, @@ -604,7 +604,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Resource Name [Filebeat GoogleCloud]", + "title": "Audit Resource Name [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { 
@@ -620,7 +620,7 @@ "enabled": true, "id": "2", "params": { - "field": "googlecloud.audit.resource_name", + "field": "gcp.audit.resource_name", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -646,7 +646,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit Resource Name [Filebeat GoogleCloud]", + "title": "Audit Resource Name [Filebeat GCP]", "type": "pie" } }, @@ -670,7 +670,7 @@ "columns": [ "user.email", "service.name", - "googlecloud.audit.type", + "gcp.audit.type", "event.action", "event.outcome", "source.ip", @@ -692,13 +692,13 @@ "key": "event.dataset", "negate": false, "params": { - "query": "googlecloud.audit" + "query": "gcp.audit" }, "type": "phrase" }, "query": { "match_phrase": { - "event.dataset": "googlecloud.audit" + "event.dataset": "gcp.audit" } } } @@ -713,7 +713,7 @@ } }, "sort": [], - "title": "Audit [Filebeat GoogleCloud]", + "title": "Audit [Filebeat GCP]", "version": 1 }, "id": "d88364c0-73a1-11ea-a345-f985c61fe654", From 0d14d98cc276ab411b4da855878139eda29d0b7e Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Wed, 28 Oct 2020 15:01:26 -0600 Subject: [PATCH 04/14] change to gcp in fields.yml --- x-pack/filebeat/module/gcp/_meta/fields.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/filebeat/module/gcp/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml index 8f97f9b19c09..3e2753f09b2a 100644 --- a/x-pack/filebeat/module/gcp/_meta/fields.yml +++ b/x-pack/filebeat/module/gcp/_meta/fields.yml @@ -1,9 +1,9 @@ -- key: googlecloud - title: Google Cloud +- key: gcp + title: GCP description: > Module for handling logs from Google Cloud. fields: - - name: googlecloud + - name: gcp type: group description: > Fields from Google Cloud logs. From 35f9ef15a615b6f5be4f5dcbac3ddb3c22a116d4 Mon Sep 17 00:00:00 2001 
From: kaiyan-sheng Date: Thu, 29 Oct 2020 16:19:13 -0600 Subject: [PATCH 05/14] rerun mage update for fields.yml --- filebeat/docs/fields.asciidoc | 104 +++++++++--------- x-pack/filebeat/filebeat.reference.yml | 2 +- ...oud-audit.json => filebeat-gcp-audit.json} | 0 x-pack/filebeat/module/gcp/fields.go | 2 +- 4 files changed, 54 insertions(+), 54 deletions(-) rename x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/{filebeat-googlecloud-audit.json => filebeat-gcp-audit.json} (100%) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index b1ee49fed5ca..9436eda700a7 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -37,7 +37,7 @@ grouped in the following categories: * <> * <> * <> -* <> +* <> * <> * <> * <> @@ -68451,15 +68451,15 @@ type: integer -- -[[exported-fields-googlecloud]] -== Google Cloud fields +[[exported-fields-gcp]] +== GCP fields Module for handling logs from Google Cloud. [float] -=== googlecloud +=== gcp Fields from Google Cloud logs. @@ -68472,7 +68472,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`googlecloud.destination.instance.project_id`*:: +*`gcp.destination.instance.project_id`*:: + -- ID of the project containing the VM. @@ -68482,7 +68482,7 @@ type: keyword -- -*`googlecloud.destination.instance.region`*:: +*`gcp.destination.instance.region`*:: + -- Region of the VM. @@ -68492,7 +68492,7 @@ type: keyword -- -*`googlecloud.destination.instance.zone`*:: +*`gcp.destination.instance.zone`*:: + -- Zone of the VM. @@ -68509,7 +68509,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`googlecloud.destination.vpc.project_id`*:: +*`gcp.destination.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -68519,7 +68519,7 @@ type: keyword -- -*`googlecloud.destination.vpc.vpc_name`*:: +*`gcp.destination.vpc.vpc_name`*:: + -- VPC on which the VM is operating. 
@@ -68529,7 +68529,7 @@ type: keyword -- -*`googlecloud.destination.vpc.subnetwork_name`*:: +*`gcp.destination.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -68546,7 +68546,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`googlecloud.source.instance.project_id`*:: +*`gcp.source.instance.project_id`*:: + -- ID of the project containing the VM. @@ -68556,7 +68556,7 @@ type: keyword -- -*`googlecloud.source.instance.region`*:: +*`gcp.source.instance.region`*:: + -- Region of the VM. @@ -68566,7 +68566,7 @@ type: keyword -- -*`googlecloud.source.instance.zone`*:: +*`gcp.source.instance.zone`*:: + -- Zone of the VM. @@ -68583,7 +68583,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`googlecloud.source.vpc.project_id`*:: +*`gcp.source.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -68593,7 +68593,7 @@ type: keyword -- -*`googlecloud.source.vpc.vpc_name`*:: +*`gcp.source.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -68603,7 +68603,7 @@ type: keyword -- -*`googlecloud.source.vpc.subnetwork_name`*:: +*`gcp.source.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -68620,7 +68620,7 @@ Fields for Google Cloud audit logs. -*`googlecloud.audit.type`*:: +*`gcp.audit.type`*:: + -- Type property. @@ -68637,7 +68637,7 @@ Authentication information. -*`googlecloud.audit.authentication_info.principal_email`*:: +*`gcp.audit.authentication_info.principal_email`*:: + -- The email address of the authenticated user making the request. @@ -68647,7 +68647,7 @@ type: keyword -- -*`googlecloud.audit.authentication_info.authority_selector`*:: +*`gcp.audit.authentication_info.authority_selector`*:: + -- The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. 
@@ -68657,7 +68657,7 @@ type: keyword -- -*`googlecloud.audit.authorization_info`*:: +*`gcp.audit.authorization_info`*:: + -- Authorization information for the operation. @@ -68667,7 +68667,7 @@ type: array -- -*`googlecloud.audit.method_name`*:: +*`gcp.audit.method_name`*:: + -- The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. @@ -68677,7 +68677,7 @@ type: keyword -- -*`googlecloud.audit.num_response_items`*:: +*`gcp.audit.num_response_items`*:: + -- The number of items returned from a List or Query API method, if applicable. @@ -68694,7 +68694,7 @@ The operation request. -*`googlecloud.audit.request.proto_name`*:: +*`gcp.audit.request.proto_name`*:: + -- Type property of the request. @@ -68704,7 +68704,7 @@ type: keyword -- -*`googlecloud.audit.request.filter`*:: +*`gcp.audit.request.filter`*:: + -- Filter of the request. @@ -68714,7 +68714,7 @@ type: keyword -- -*`googlecloud.audit.request.name`*:: +*`gcp.audit.request.name`*:: + -- Name of the request. @@ -68724,7 +68724,7 @@ type: keyword -- -*`googlecloud.audit.request.resource_name`*:: +*`gcp.audit.request.resource_name`*:: + -- Name of the request resource. @@ -68741,7 +68741,7 @@ Metadata about the request. -*`googlecloud.audit.request_metadata.caller_ip`*:: +*`gcp.audit.request_metadata.caller_ip`*:: + -- The IP address of the caller. @@ -68751,7 +68751,7 @@ type: ip -- -*`googlecloud.audit.request_metadata.caller_supplied_user_agent`*:: +*`gcp.audit.request_metadata.caller_supplied_user_agent`*:: + -- The user agent of the caller. This information is not authenticated and should be treated accordingly. @@ -68768,7 +68768,7 @@ The operation response. -*`googlecloud.audit.response.proto_name`*:: +*`gcp.audit.response.proto_name`*:: + -- Type property of the response. 
@@ -68785,7 +68785,7 @@ The details of the response. -*`googlecloud.audit.response.details.group`*:: +*`gcp.audit.response.details.group`*:: + -- The name of the group. @@ -68795,7 +68795,7 @@ type: keyword -- -*`googlecloud.audit.response.details.kind`*:: +*`gcp.audit.response.details.kind`*:: + -- The kind of the response details. @@ -68805,7 +68805,7 @@ type: keyword -- -*`googlecloud.audit.response.details.name`*:: +*`gcp.audit.response.details.name`*:: + -- The name of the response details. @@ -68815,7 +68815,7 @@ type: keyword -- -*`googlecloud.audit.response.details.uid`*:: +*`gcp.audit.response.details.uid`*:: + -- The uid of the response details. @@ -68825,7 +68825,7 @@ type: keyword -- -*`googlecloud.audit.response.status`*:: +*`gcp.audit.response.status`*:: + -- Status of the response. @@ -68835,7 +68835,7 @@ type: keyword -- -*`googlecloud.audit.resource_name`*:: +*`gcp.audit.resource_name`*:: + -- The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. @@ -68852,7 +68852,7 @@ The location of the resource. -*`googlecloud.audit.resource_location.current_locations`*:: +*`gcp.audit.resource_location.current_locations`*:: + -- Current locations of the resource. @@ -68862,7 +68862,7 @@ type: keyword -- -*`googlecloud.audit.service_name`*:: +*`gcp.audit.service_name`*:: + -- The name of the API service performing the operation. For example, datastore.googleapis.com. @@ -68879,7 +68879,7 @@ The status of the overall operation. -*`googlecloud.audit.status.code`*:: +*`gcp.audit.status.code`*:: + -- The status code, which should be an enum value of google.rpc.Code. 
@@ -68889,7 +68889,7 @@ type: integer -- -*`googlecloud.audit.status.message`*:: +*`gcp.audit.status.message`*:: + -- A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. @@ -68913,7 +68913,7 @@ Description of the firewall rule that matched this connection. -*`googlecloud.firewall.rule_details.priority`*:: +*`gcp.firewall.rule_details.priority`*:: + -- The priority for the firewall rule. @@ -68922,7 +68922,7 @@ type: long -- -*`googlecloud.firewall.rule_details.action`*:: +*`gcp.firewall.rule_details.action`*:: + -- Action that the rule performs on match. @@ -68931,7 +68931,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.direction`*:: +*`gcp.firewall.rule_details.direction`*:: + -- Direction of traffic that matches this rule. @@ -68940,7 +68940,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.reference`*:: +*`gcp.firewall.rule_details.reference`*:: + -- Reference to the firewall rule. @@ -68949,7 +68949,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.source_range`*:: +*`gcp.firewall.rule_details.source_range`*:: + -- List of source ranges that the firewall rule applies to. @@ -68958,7 +68958,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.destination_range`*:: +*`gcp.firewall.rule_details.destination_range`*:: + -- List of destination ranges that the firewall applies to. @@ -68967,7 +68967,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.source_tag`*:: +*`gcp.firewall.rule_details.source_tag`*:: + -- List of all the source tags that the firewall rule applies to. @@ -68977,7 +68977,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.target_tag`*:: +*`gcp.firewall.rule_details.target_tag`*:: + -- List of all the target tags that the firewall rule applies to. 
@@ -68987,7 +68987,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.ip_port_info`*:: +*`gcp.firewall.rule_details.ip_port_info`*:: + -- List of ip protocols and applicable port ranges for rules. @@ -68997,7 +68997,7 @@ type: array -- -*`googlecloud.firewall.rule_details.source_service_account`*:: +*`gcp.firewall.rule_details.source_service_account`*:: + -- List of all the source service accounts that the firewall rule applies to. @@ -69007,7 +69007,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.target_service_account`*:: +*`gcp.firewall.rule_details.target_service_account`*:: + -- List of all the target service accounts that the firewall rule applies to. @@ -69024,7 +69024,7 @@ Fields for Google Cloud VPC flow logs. -*`googlecloud.vpcflow.reporter`*:: +*`gcp.vpcflow.reporter`*:: + -- The side which reported the flow. Can be either 'SRC' or 'DEST'. @@ -69034,7 +69034,7 @@ type: keyword -- -*`googlecloud.vpcflow.rtt.ms`*:: +*`gcp.vpcflow.rtt.ms`*:: + -- Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index a86809a1fbbc..651354df0825 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -798,7 +798,7 @@ filebeat.modules: # "+02:00" for GMT+02:00 # var.tz_offset: local -#----------------------------- Google Cloud Module ----------------------------- +#--------------------------------- GCP Module --------------------------------- - module: gcp vpcflow: enabled: true 
diff --git a/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json similarity index 100% rename from x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json rename to x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json diff --git a/x-pack/filebeat/module/gcp/fields.go b/x-pack/filebeat/module/gcp/fields.go index 87840a3883e6..4a5d9dcf88c0 100644 --- a/x-pack/filebeat/module/gcp/fields.go +++ b/x-pack/filebeat/module/gcp/fields.go @@ -19,5 +19,5 @@ func init() { // AssetGcp returns asset data. // This is the base64 encoded gzipped contents of module/gcp. func AssetGcp() string { - return "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" + return "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" } From 9b192ebe33ae0061735767839ec0d6a3d58669a2 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 3 Nov 2020 16:03:03 -0700 Subject: [PATCH 06/14] regenerate -expected.json files --- CHANGELOG.next.asciidoc | 1 + .../module/gcp/audit/config/input.yml | 4 +- .../module/gcp/audit/config/pipeline.js | 64 +- .../audit-log-entries.json.log-expected.json | 208 +- .../module/gcp/firewall/config/input.yml | 4 +- .../module/gcp/firewall/config/pipeline.js | 42 +- .../gcp/firewall/test/rare.log-expected.json | 84 +- .../gcp/firewall/test/test.log-expected.json | 660 ++-- .../module/gcp/vpcflow/config/input.yml | 4 +- .../module/gcp/vpcflow/config/pipeline.js | 42 +- ...pc-flow-log-entries.json.log-expected.json | 2844 ++++++++--------- 11 files changed, 1979 insertions(+), 1978 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 05e9a8e23de4..945dba26351b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
@@ -643,6 +643,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add SSL option to checkpoint module {pull}19560[19560] - Add max_number_of_messages config into s3 input. {pull}21993[21993] - Update Okta documentation for new stateful restarts. {pull}22091[22091] +- Rename googlecloud module to gcp module. {pull}22214[22214] *Heartbeat* diff --git a/x-pack/filebeat/module/gcp/audit/config/input.yml b/x-pack/filebeat/module/gcp/audit/config/input.yml index b5e392ee0b69..ee5fd5acaeb0 100644 --- a/x-pack/filebeat/module/gcp/audit/config/input.yml +++ b/x-pack/filebeat/module/gcp/audit/config/input.yml @@ -27,8 +27,8 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_audit_script - file: ${path.home}/module/googlecloud/audit/config/pipeline.js + id: gcp_audit_script + file: ${path.home}/module/gcp/audit/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} - add_fields: diff --git a/x-pack/filebeat/module/gcp/audit/config/pipeline.js b/x-pack/filebeat/module/gcp/audit/config/pipeline.js index a24bd6219340..878f2b19b8dd 100644 --- a/x-pack/filebeat/module/gcp/audit/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/audit/config/pipeline.js 
@@ -79,121 +79,121 @@ function Audit(keep_original_message) { fields: [ { from: "json.@type", - to: "googlecloud.audit.type", + to: "gcp.audit.type", type: "string" }, { from: "json.authenticationInfo.principalEmail", - to: "googlecloud.audit.authentication_info.principal_email", + to: "gcp.audit.authentication_info.principal_email", type: "string" }, { from: "json.authenticationInfo.authoritySelector", - to: "googlecloud.audit.authentication_info.authority_selector", + to: "gcp.audit.authentication_info.authority_selector", type: "string" }, { from: "json.authorizationInfo", - to: "googlecloud.audit.authorization_info" + to: "gcp.audit.authorization_info" // Type is an array of objects. }, { from: "json.methodName", - to: "googlecloud.audit.method_name", + to: "gcp.audit.method_name", type: "string", }, { from: "json.numResponseItems", - to: "googlecloud.audit.num_response_items", + to: "gcp.audit.num_response_items", type: "long" }, { from: "json.request.@type", - to: "googlecloud.audit.request.proto_name", + to: "gcp.audit.request.proto_name", type: "string" }, // The values in the request object will depend on the proto type. // So be very careful about making any assumptions about data shape. 
{ from: "json.request.filter", - to: "googlecloud.audit.request.filter", + to: "gcp.audit.request.filter", type: "string" }, { from: "json.request.name", - to: "googlecloud.audit.request.name", + to: "gcp.audit.request.name", type: "string" }, { from: "json.request.resourceName", - to: "googlecloud.audit.request.resource_name", + to: "gcp.audit.request.resource_name", type: "string" }, { from: "json.requestMetadata.callerIp", - to: "googlecloud.audit.request_metadata.caller_ip", + to: "gcp.audit.request_metadata.caller_ip", type: "ip" }, { from: "json.requestMetadata.callerSuppliedUserAgent", - to: "googlecloud.audit.request_metadata.caller_supplied_user_agent", + to: "gcp.audit.request_metadata.caller_supplied_user_agent", type: "string", }, { from: "json.response.@type", - to: "googlecloud.audit.response.proto_name", + to: "gcp.audit.response.proto_name", type: "string" }, // The values in the response object will depend on the proto type. // So be very careful about making any assumptions about data shape. 
{ from: "json.response.status", - to: "googlecloud.audit.response.status", + to: "gcp.audit.response.status", type: "string" }, { from: "json.response.details.group", - to: "googlecloud.audit.response.details.group", + to: "gcp.audit.response.details.group", type: "string" }, { from: "json.response.details.kind", - to: "googlecloud.audit.response.details.kind", + to: "gcp.audit.response.details.kind", type: "string" }, { from: "json.response.details.name", - to: "googlecloud.audit.response.details.name", + to: "gcp.audit.response.details.name", type: "string" }, { from: "json.response.details.uid", - to: "googlecloud.audit.response.details.uid", + to: "gcp.audit.response.details.uid", type: "string", }, { from: "json.resourceName", - to: "googlecloud.audit.resource_name", + to: "gcp.audit.resource_name", type: "string", }, { from: "json.resourceLocation.currentLocations", - to: "googlecloud.audit.resource_location.current_locations" + to: "gcp.audit.resource_location.current_locations" // Type is a string array. }, { from: "json.serviceName", - to: "googlecloud.audit.service_name", + to: "gcp.audit.service_name", type: "string", }, { from: "json.status.code", - to: "googlecloud.audit.status.code", + to: "gcp.audit.status.code", type: "integer", }, { from: "json.status.message", - to: "googlecloud.audit.status.message", + to: "gcp.audit.status.message", type: "string" }, ], 
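Review bot: Every `to:` target in this Convert list moves from `googlecloud.audit.*` to `gcp.audit.*`, and nothing visible in the hunk keeps the old names populated, so saved searches, alerts and detection rules that still filter on `googlecloud.audit.*` (or on `event.dataset:googlecloud.audit`, which the expected-output files show changing too) would stop matching audit events after an upgrade without raising any error. If no later patch in the series covers it, the old names could be declared as `type: alias` entries in the module's `fields.yml`, and the changelog line `Rename googlecloud module to gcp module.` could be listed as a breaking change that names the renamed field prefix and dataset. A short comment above the list, such as `// Field prefix renamed from googlecloud.* to gcp.*; update queries that reference the old names.`, would help the next maintainer. `Audit` starts before and continues after this hunk, so only the field list was reviewed.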
@@ -206,27 +206,27 @@ function Audit(keep_original_message) { var copyFields = new processor.Convert({ fields: [ { - from: "googlecloud.audit.request_metadata.caller_ip", + from: "gcp.audit.request_metadata.caller_ip", to: "source.ip", type: "ip" }, { - from: "googlecloud.audit.authentication_info.principal_email", + from: "gcp.audit.authentication_info.principal_email", to: "user.email", type: "string" }, { - from: "googlecloud.audit.service_name", + from: "gcp.audit.service_name", to: "service.name", type: "string" }, { - from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", + from: "gcp.audit.request_metadata.caller_supplied_user_agent", to: "user_agent.original", type: "string" }, { - from: "googlecloud.audit.method_name", + from: "gcp.audit.method_name", to: "event.action", type: "string" }, @@ -242,7 +242,7 @@ function Audit(keep_original_message) { // Rename nested fields. var renameNestedFields = function(evt) { - var arr = evt.Get("googlecloud.audit.authorization_info"); + var arr = evt.Get("gcp.audit.authorization_info"); if (Array.isArray(arr)) { for (var i = 0; i < arr.length; i++) { if (arr[i].resourceAttributes) { @@ -259,14 +259,14 @@ function Audit(keep_original_message) { evt.Put("event.kind", "event"); // google.rpc.Code value for OK is 0. - if (evt.Get("googlecloud.audit.status.code") === 0) { + if (evt.Get("gcp.audit.status.code") === 0) { evt.Put("event.outcome", "success"); return; } // Try to use authorization_info.granted when there was no status code. - if (evt.Get("googlecloud.audit.status.code") == null) { - var authorization_info = evt.Get("googlecloud.audit.authorization_info"); + if (evt.Get("gcp.audit.status.code") == null) { + var authorization_info = evt.Get("gcp.audit.authorization_info"); if (Array.isArray(authorization_info) && authorization_info.length === 1) { if (authorization_info[0].granted === true) { evt.Put("event.outcome", "success"); 
diff --git a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json index d8efe2892a51..26abbf7ec804 100644 --- a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json @@ -3,14 +3,14 @@ "@timestamp": "2019-12-19T00:49:36.086Z", "cloud.project.id": "elastic-beats", "event.action": "GetResourceBillingInfo", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-uihnmjctwo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "resourcemanager.projects.get", 
@@ -18,18 +18,18 @@ "resource_attributes": {} } ], - "googlecloud.audit.method_name": "GetResourceBillingInfo", - "googlecloud.audit.request.proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest", - "googlecloud.audit.request.resource_name": "projects/189716325846", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.resource_name": "projects/elastic-beats", - "googlecloud.audit.service_name": "cloudbilling.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.method_name": "GetResourceBillingInfo", + "gcp.audit.request.proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest", + "gcp.audit.request.resource_name": "projects/189716325846", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.resource_name": "projects/elastic-beats", + "gcp.audit.service_name": "cloudbilling.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 0, "service.name": "cloudbilling.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" 
@@ -40,14 +40,14 @@ "@timestamp": "2019-12-19T00:45:51.228Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.machineTypes.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-h6onuze1h7dg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "granted": false, "permission": "compute.machineTypes.list", 
@@ -58,22 +58,22 @@ } } ], - "googlecloud.audit.method_name": "beta.compute.machineTypes.aggregatedList", - "googlecloud.audit.num_response_items": 71, - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "beta.compute.machineTypes.aggregatedList", + "gcp.audit.num_response_items": 71, + "gcp.audit.request.proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "global" ], - "googlecloud.audit.resource_name": "projects/elastic-beats/global/machineTypes", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/elastic-beats/global/machineTypes", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 945, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" 
@@ -91,14 +91,14 @@ "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.instances.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "yonau2dg2zi", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "compute.instances.list", 
@@ -109,28 +109,28 @@ } } ], - "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", - "googlecloud.audit.num_response_items": 61, - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "beta.compute.instances.aggregatedList", + "gcp.audit.num_response_items": 61, + "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "global" ], - "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", - "googlecloud.audit.response.details.group": "batch", - "googlecloud.audit.response.details.kind": "jobs", - "googlecloud.audit.response.details.name": "gsuite-exporter-1589294700", - "googlecloud.audit.response.details.uid": "2beff34a-945f-11ea-bacf-42010a80007f", - "googlecloud.audit.response.proto_name": "core.k8s.io/v1.Status", - "googlecloud.audit.response.status": "Success", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/elastic-beats/global/instances", + "gcp.audit.response.details.group": "batch", + "gcp.audit.response.details.kind": "jobs", + "gcp.audit.response.details.name": "gsuite-exporter-1589294700", + "gcp.audit.response.details.uid": "2beff34a-945f-11ea-bacf-42010a80007f", + "gcp.audit.response.proto_name": 
"core.k8s.io/v1.Status", + "gcp.audit.response.status": "Success", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 2252, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -148,14 +148,14 @@ "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.instances.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "yonau3dc2zi", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "permission": "compute.instances.list", "resource_attributes": { 
@@ -165,24 +165,24 @@ } } ], - "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", - "googlecloud.audit.num_response_items": 61, - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "beta.compute.instances.aggregatedList", + "gcp.audit.num_response_items": 61, + "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "global" ], - "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.status.code": 7, - "googlecloud.audit.status.message": "PERMISSION_DENIED", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/elastic-beats/global/instances", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.status.code": 7, + "gcp.audit.status.message": "PERMISSION_DENIED", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 3776, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" 
@@ -200,35 +200,35 @@ "@timestamp": "2020-08-05T21:07:30.974Z", "cloud.project.id": "elastic-siem", "event.action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "87efd529-6349-45d2-b905-fc607e6c5d3b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", "resource": "authorization.k8s.io/v1beta1/subjectaccessreviews" } ], - "googlecloud.audit.method_name": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", - "googlecloud.audit.request.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", - "googlecloud.audit.request_metadata.caller_ip": "10.11.12.13", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", - "googlecloud.audit.resource_name": "authorization.k8s.io/v1beta1/subjectaccessreviews", - "googlecloud.audit.response.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", - "googlecloud.audit.response.status": "map[allowed:true reason:RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\"]", - "googlecloud.audit.service_name": "k8s.io", - "googlecloud.audit.status.code": 0, - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.method_name": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", + "gcp.audit.request.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", + 
"gcp.audit.request_metadata.caller_ip": "10.11.12.13", + "gcp.audit.request_metadata.caller_supplied_user_agent": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", + "gcp.audit.resource_name": "authorization.k8s.io/v1beta1/subjectaccessreviews", + "gcp.audit.response.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", + "gcp.audit.response.status": "map[allowed:true reason:RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\"]", + "gcp.audit.service_name": "k8s.io", + "gcp.audit.status.code": 0, + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 5100, "service.name": "k8s.io", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "10.11.12.13", "tags": [ "forwarded" @@ -243,14 +243,14 @@ "@timestamp": "2020-08-05T21:59:26.456Z", "cloud.project.id": "foo", "event.action": "v1.compute.images.insert", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "v2spcwdzmc2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "user@mycompany.com", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "compute.images.create", 
@@ -261,24 +261,24 @@ } } ], - "googlecloud.audit.method_name": "v1.compute.images.insert", - "googlecloud.audit.request.name": "windows-server-2016-v20200805", - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.images.insert", - "googlecloud.audit.request_metadata.caller_ip": "1.2.3.4", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "v1.compute.images.insert", + "gcp.audit.request.name": "windows-server-2016-v20200805", + "gcp.audit.request.proto_name": "type.googleapis.com/compute.images.insert", + "gcp.audit.request_metadata.caller_ip": "1.2.3.4", + "gcp.audit.request_metadata.caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "eu" ], - "googlecloud.audit.resource_name": "projects/foo/global/images/windows-server-2016-v20200805", - "googlecloud.audit.response.proto_name": "type.googleapis.com/operation", - "googlecloud.audit.response.status": "RUNNING", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/foo/global/images/windows-server-2016-v20200805", + "gcp.audit.response.proto_name": "type.googleapis.com/operation", + "gcp.audit.response.status": "RUNNING", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": 
"type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 7530, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", 
@@ -304,25 +304,25 @@ "cloud.instance.id": "590261181", "cloud.project.id": "foo", "event.action": "beta.compute.instances.stop", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-c7ctxmd2zab", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "unknown", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", - "googlecloud.audit.method_name": "beta.compute.instances.stop", - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.stop", - "googlecloud.audit.request_metadata.caller_ip": "2.3.4.5", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_name": "projects/foo/zones/us-central1-a/instances/win10-test", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.authentication_info.principal_email": "user@mycompany.com", + "gcp.audit.method_name": "beta.compute.instances.stop", + "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.stop", + "gcp.audit.request_metadata.caller_ip": "2.3.4.5", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_name": "projects/foo/zones/us-central1-a/instances/win10-test", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 9946, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.as.number": 3215, "source.as.organization.name": "Orange", 
"source.geo.city_name": "Clermont-Ferrand", diff --git a/x-pack/filebeat/module/gcp/firewall/config/input.yml b/x-pack/filebeat/module/gcp/firewall/config/input.yml index 39648636c59e..988c2001a72c 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/input.yml +++ b/x-pack/filebeat/module/gcp/firewall/config/input.yml @@ -27,11 +27,11 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_firewall_script + id: gcp_firewall_script params: debug: {{ .debug }} keep_original_message: {{ .keep_original_message }} - file: ${path.home}/module/googlecloud/firewall/config/pipeline.js + file: ${path.home}/module/gcp/firewall/config/pipeline.js - add_fields: target: '' fields: diff --git a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js index ef184bc8620f..7a5ba750376f 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js @@ -224,12 +224,12 @@ function FirewallProcessor(keep_original_message, debug) { {from: "json.src_location.region", to: "source.geo.region_name"}, {from: "json.src_location.city", to: "source.geo.city_name"}, - {from: "json.dest_instance", to: "googlecloud.destination.instance"}, - {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, - {from: "json.src_instance", to: "googlecloud.source.instance"}, - {from: "json.src_vpc", to: "googlecloud.source.vpc"}, + {from: "json.dest_instance", to: "gcp.destination.instance"}, + {from: "json.dest_vpc", to: "gcp.destination.vpc"}, + {from: "json.src_instance", to: "gcp.source.instance"}, + {from: "json.src_vpc", to: "gcp.source.vpc"}, {from: "json.rule_details.reference", to: "rule.name"}, - {from: "json", to: "googlecloud.firewall"}, + {from: "json", to: "gcp.firewall"}, ], mode: "rename", ignore_missing: true, 
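Review bot: Detection rules, dashboards and saved searches that still filter on `googlecloud.*` fields or on `event.module: googlecloud` will silently stop matching firewall events once the `to:` targets in this field list switch to `gcp.*`. Nothing visible in this part of the patch keeps the old paths resolvable. The same applies to the `evt.Delete`, EGRESS/INGRESS and `setInternalDirection` hunks further down in this file, and the expected-output fixtures confirm that `event.dataset` and `service.type` change too. If the field definitions elsewhere in the series do not already cover it, consider declaring alias fields for the old paths or recording the rename as a breaking change, and add a comment above the list such as `// Vendor fields live under gcp.* (formerly googlecloud.*); update queries keyed on the old prefix.`. The enclosing FirewallProcessor function starts and ends outside the hunk.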
@@ -238,10 +238,10 @@ function FirewallProcessor(keep_original_message, debug) { // Delete emtpy object's whose fields have been renamed leaving them childless. builder.Add("dropEmptyObjects", function (evt) { - evt.Delete("googlecloud.firewall.connection"); - evt.Delete("googlecloud.firewall.dest_location"); - evt.Delete("googlecloud.firewall.disposition"); - evt.Delete("googlecloud.firewall.src_location"); + evt.Delete("gcp.firewall.connection"); + evt.Delete("gcp.firewall.dest_location"); + evt.Delete("gcp.firewall.disposition"); + evt.Delete("gcp.firewall.src_location"); }); // Copy the source/destination.address to source/destination.ip if they are 
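Review bot: The four `evt.Delete` calls in `dropEmptyObjects` are unconditional, although the comment above them says they only remove objects left childless by the renames. Any child of `connection`, `dest_location`, `disposition` or `src_location` that the rename list does not cover is discarded along with its parent. Whether such children can occur cannot be told from this hunk, so at minimum the comment should state the real behaviour and fix its spelling: `// Drop sub-objects emptied by the renames above; Delete is unconditional, so unmapped children are dropped too.` The enclosing FirewallProcessor function starts and ends outside the hunk.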
@@ -260,22 +260,22 @@ function FirewallProcessor(keep_original_message, debug) { }, EGRESS: new processor.Convert({ fields: [ - {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.source.instance.region", to: "cloud.region"}, - {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"} + {from: "gcp.source.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.source.instance.region", to: "cloud.region"}, + {from: "gcp.source.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.source.vpc.subnetwork_name", to: "network.name"} ], ignore_missing: true }), INGRESS: new processor.Convert({ fields: [ - {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.destination.instance.region", to: "cloud.region"}, - {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + {from: "gcp.destination.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.destination.instance.region", to: "cloud.region"}, + {from: "gcp.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.destination.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true }) 
@@ -288,8 +288,8 @@ function FirewallProcessor(keep_original_message, debug) { })); builder.Add("setInternalDirection", function(event) { - var srcInstance = event.Get("googlecloud.source.instance"); - var destInstance = event.Get("googlecloud.destination.instance"); + var srcInstance = event.Get("gcp.source.instance"); + var destInstance = event.Get("gcp.destination.instance"); if (srcInstance && destInstance) { event.Put("network.direction", "internal"); } diff --git a/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json index fb34db024222..28a67d649f95 100644 --- a/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json 
@@ -7,24 +7,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "local-test", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "mysubnet", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "local-test", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "mysubnet", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -33,19 +33,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "remote-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "remote-beats", - "googlecloud.source.vpc.subnetwork_name": "mysubnet", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "remote-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "remote-beats", + "gcp.source.vpc.subnetwork_name": "mysubnet", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 0, @@ -57,7 +57,7 @@ "10.128.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.142.0.10", "source.domain": "test-es", "source.ip": "10.142.0.10", 
@@ -74,24 +74,24 @@ "destination.port": 57794, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "remote-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "remote-beats", - "googlecloud.destination.vpc.subnetwork_name": "mysubnet", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "remote-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "remote-beats", + "gcp.destination.vpc.subnetwork_name": "mysubnet", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -100,19 +100,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "local-test", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "mysubnet", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "local-test", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "mysubnet", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 1153, @@ -124,7 +124,7 @@ "10.128.0.10" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.142.0.16", "source.domain": "local-adrian-test", "source.ip": "10.142.0.16", diff --git a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json index 73f9e79c29aa..eeba0d7268c3 100644 --- a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json 
@@ -13,35 +13,35 @@ "destination.port": 53, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "4zuj4nfn4llkb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.destination_range": [ + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 0, @@ -56,7 +56,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.128.0.16", "source.domain": "adrian-test", "source.ip": "10.128.0.16", 
@@ -73,24 +73,24 @@ "destination.port": 3389, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1f21ciqfpfssuo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", - "googlecloud.destination.vpc.vpc_name": "windows-isolated", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "windows-isolated", + "gcp.destination.vpc.vpc_name": "windows-isolated", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -98,11 +98,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow-rdp" ], "input.type": "log", 
@@ -119,7 +119,7 @@ "10.42.0.2" ], "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.126", "source.geo.continent_name": "Asia", "source.geo.country_name": "omn", @@ -137,24 +137,24 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "8vcfeailjd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -163,11 +163,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -184,7 +184,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.219", "source.geo.city_name": "Krasnodar", "source.geo.continent_name": "Europe", 
@@ -204,24 +204,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1bqgmw9feiabij", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -230,11 +230,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -251,7 +251,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", "source.geo.country_name": "deu", @@ -269,24 +269,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1jrxaqbfe48bir", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -295,11 +295,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -316,7 +316,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", "source.geo.country_name": "deu", 
@@ -334,24 +334,24 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1fw7drlfe2ty27", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -360,11 +360,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -381,7 +381,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.151", "source.geo.city_name": "Berdychiv", "source.geo.continent_name": "Europe", @@ -401,24 +401,24 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1yre751fekaxzs", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -427,11 +427,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -448,7 +448,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.241", "source.geo.city_name": "Vicenza", "source.geo.continent_name": "Europe", 
@@ -468,24 +468,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5kanfzfiqepkh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -494,11 +494,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -515,7 +515,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.geo.city_name": "Tula", "source.geo.continent_name": "Europe", @@ -535,24 +535,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "59z0t8fiow9vg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -561,11 +561,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -582,7 +582,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.251", "source.geo.city_name": "Stavropol", "source.geo.continent_name": "Europe", 
@@ -602,24 +602,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1y7e4yzff816cq", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -628,11 +628,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -649,7 +649,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", "source.geo.continent_name": "Europe", @@ -669,24 +669,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "lx5jlsfggpr0q", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -695,11 +695,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -716,7 +716,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", "source.geo.continent_name": "Europe", 
@@ -736,24 +736,24 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "18ynfbufer19m1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -762,11 +762,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -783,7 +783,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.200", "source.geo.city_name": "\u0130zmir", "source.geo.continent_name": "Asia", 
@@ -809,35 +809,35 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "tzddthfsr6fv5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.destination_range": [ + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 12444, @@ -852,7 +852,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.28.0.16", "source.domain": "adrian-test", "source.ip": "10.28.0.16", 
@@ -875,35 +875,35 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1k2b7kefsnhzq7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.destination_range": [ + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 13425, @@ -918,7 +918,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.28.0.16", "source.domain": "adrian-test", "source.ip": "10.28.0.16", 
@@ -935,24 +935,24 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1sdfuwxfk8hq1c", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -960,19 +960,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 14407, @@ -987,7 +987,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", 
@@ -1006,24 +1006,24 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1sdfuwxfk8hq1b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1031,19 +1031,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 15594, @@ -1058,7 +1058,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", 
@@ -1077,24 +1077,24 @@ "destination.port": 3389, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "yot1ojetjdiw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", - "googlecloud.destination.vpc.vpc_name": "windows-isolated", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "windows-isolated", + "gcp.destination.vpc.vpc_name": "windows-isolated", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -1102,11 +1102,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow-rdp" ], "input.type": "log", 
@@ -1123,7 +1123,7 @@ "10.42.0.2" ], "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.7", "source.geo.city_name": "Almelo", "source.geo.continent_name": "Europe", @@ -1143,24 +1143,24 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5a27u1g22jks9e", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1168,19 +1168,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 17858, @@ -1195,7 +1195,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", 
@@ -1214,24 +1214,24 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5a27u1g22jks8t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1239,19 +1239,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 19045, @@ -1266,7 +1266,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", 
@@ -1285,24 +1285,24 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1311,19 +1311,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 20231, @@ -1338,7 +1338,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.42.0.10", "source.domain": "test-es", "source.ip": "10.42.0.10", diff --git a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml index f19761956877..3e68fddb5d50 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml @@ -27,8 +27,8 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_vpcflow_script - file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js + id: gcp_vpcflow_script + file: ${path.home}/module/gcp/vpcflow/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} - add_fields: 
diff --git a/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js index dd7e3e0ea7ed..f751f1b490f4 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js @@ -96,13 +96,13 @@ function VPCFlow(keep_original_message) { {from: "json.src_location.region", to: "source.geo.region_name"}, {from: "json.src_location.city", to: "source.geo.city_name"}, - {from: "json.dest_instance", to: "googlecloud.destination.instance"}, - {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, - {from: "json.src_instance", to: "googlecloud.source.instance"}, - {from: "json.src_vpc", to: "googlecloud.source.vpc"}, + {from: "json.dest_instance", to: "gcp.destination.instance"}, + {from: "json.dest_vpc", to: "gcp.destination.vpc"}, + {from: "json.src_instance", to: "gcp.source.instance"}, + {from: "json.src_vpc", to: "gcp.source.vpc"}, {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"}, - {from: "json", to: "googlecloud.vpcflow"}, + {from: "json", to: "gcp.vpcflow"}, ], mode: "rename", ignore_missing: true, @@ -110,9 +110,9 @@ function VPCFlow(keep_original_message) { // Delete emtpy object's whose fields have been renamed leaving them childless. var dropEmptyObjects = function (evt) { - evt.Delete("googlecloud.vpcflow.connection"); - evt.Delete("googlecloud.vpcflow.dest_location"); - evt.Delete("googlecloud.vpcflow.src_location"); + evt.Delete("gcp.vpcflow.connection"); + evt.Delete("gcp.vpcflow.dest_location"); + evt.Delete("gcp.vpcflow.src_location"); }; // Copy the source/destination.address to source/destination.ip if they are 
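Review bot: The new `to:` targets in the Convert list (`gcp.destination.instance`, `gcp.source.vpc`, `gcp.vpcflow`) and the `evt.Delete("gcp.vpcflow.connection")` group rename the fields of every emitted VPC flow event with no compatibility path visible in this file. Saved searches, dashboards and detection rules that filter on `googlecloud.*` would stop matching new events without raising any error. The same applies to the `setCloudFromDestInstance`/`setCloudFromSrcInstance` sources and the `evt.Get("gcp.vpcflow.reporter")` and `event.Get("gcp.source.instance")` lookups in the later hunks of this file, and the expected-output fixtures show `event.module`, `event.dataset` and `service.type` moving from `googlecloud` to `gcp` as well. I would either publish alias fields for the old names, if the module's field definitions allow it, or at least record the break next to the mapping, e.g. `// Breaking: these fields were published under googlecloud.* before the rename; queries spanning the upgrade must match both prefixes.` VPCFlow's body starts and ends outside these hunks, so any handling elsewhere in the function is not visible here.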
@@ -127,22 +127,22 @@ function VPCFlow(keep_original_message) { var setCloudFromDestInstance = new processor.Convert({ fields: [ - {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.destination.instance.region", to: "cloud.region"}, - {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + {from: "gcp.destination.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.destination.instance.region", to: "cloud.region"}, + {from: "gcp.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.destination.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true, }); var setCloudFromSrcInstance = new processor.Convert({ fields: [ - {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.source.instance.region", to: "cloud.region"}, - {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"}, + {from: "gcp.source.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.source.instance.region", to: "cloud.region"}, + {from: "gcp.source.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.source.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true, }); 
@@ -150,7 +150,7 @@ function VPCFlow(keep_original_message) { // Set the cloud metadata fields based on the instance that reported the // event. var setCloudMetadata = function(evt) { - var reporter = evt.Get("googlecloud.vpcflow.reporter"); + var reporter = evt.Get("gcp.vpcflow.reporter"); if (reporter === "DEST") { setCloudFromDestInstance.Run(evt); @@ -190,8 +190,8 @@ function VPCFlow(keep_original_message) { }; var setNetworkDirection = function(event) { - var srcInstance = event.Get("googlecloud.source.instance"); - var destInstance = event.Get("googlecloud.destination.instance"); + var srcInstance = event.Get("gcp.source.instance"); + var destInstance = event.Get("gcp.destination.instance"); var direction = "unknown"; if (srcInstance && destInstance) { diff --git a/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json index 9a71b1c35a61..da74fec40d64 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json 
@@ -11,22 +11,22 @@ "destination.ip": "203.0.113.12", "destination.port": 33478, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", "event.id": "ut8lbrffooxyw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 0, @@ -42,7 +42,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", 
@@ -63,28 +63,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33970, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", "event.id": "ut8lbrffooxzb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 934, 
@@ -100,7 +100,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 173663, 
@@ -127,28 +127,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33576, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821143836Z", "event.id": "ut8lbrffooxze", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 201, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 2084, @@ -164,7 +164,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 155707, "source.domain": "elasticsearch", @@ -189,21 +189,21 @@ "destination.ip": "192.0.2.23", "destination.port": 59679, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", "event.id": "ut8lbrffooxyz", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 3237, @@ -219,7 +219,7 @@ "10.139.99.242", "192.0.2.23" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 0, "source.domain": "elasticsearch", 
@@ -242,22 +242,22 @@ "destination.ip": "192.0.2.117", "destination.port": 50646, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", "event.id": "ut8lbrffooxz6", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 4210, @@ -273,7 +273,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1784, "source.domain": "kibana", 
@@ -294,22 +294,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", "event.id": "ut8lbrffooxzf", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 5143, @@ -325,7 +325,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1464, 
@@ -348,28 +348,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33692, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "ut8lbrffooxz1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
6078, @@ -385,7 +385,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 186151, 
@@ -412,28 +412,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", "event.id": "ut8lbrffooxyp", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 3, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 3, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
7229, @@ -449,7 +449,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 15169, "source.domain": "kibana", 
@@ -470,28 +470,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33554, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", "event.id": "ut8lbrffooxzd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
8378, @@ -507,7 +507,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 250864, 
@@ -531,28 +531,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33880, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", "event.id": "ut8lbrffooxz8", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 3, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 3, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
9529, @@ -568,7 +568,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 167939, @@ -592,21 +592,21 @@ "destination.ip": "10.139.99.242", "destination.port": 22, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", "event.id": "ut8lbrffooxyt", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 10679, @@ -622,7 +622,7 @@ "192.0.2.23", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.23", "source.as.number": 49505, "source.bytes": 0, 
@@ -647,28 +647,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821056075Z", "event.id": "ut8lbrffooxz5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 201, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 11654, @@ -684,7 +684,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11773, 
@@ -708,28 +708,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", "event.id": "ut8lbrffooxza", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 192, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 192, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 12806, @@ -745,7 +745,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 65699, 
@@ -772,28 +772,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "ut8lbrffooxyq", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
13959, @@ -809,7 +809,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 66029, "source.domain": "kibana", 
@@ -833,28 +833,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", "event.id": "ut8lbrffooxz2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
15109, @@ -870,7 +870,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65154, "source.domain": "kibana", 
@@ -894,28 +894,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", "event.id": "ut8lbrffooxyo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
16259, @@ -931,7 +931,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 13643, "source.domain": "kibana", @@ -952,22 +952,22 @@ "destination.ip": "10.49.136.133", "destination.port": 46864, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:29.432367659Z", "event.id": "ut8lbrffooxzc", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:17.343890802Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 17408, @@ -983,7 +983,7 @@ "203.0.113.93", "10.49.136.133" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.93", "source.bytes": 34509840, "source.ip": "203.0.113.93", 
@@ -1003,22 +1003,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", "event.id": "ut8lbrffooxz7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 18297, @@ -1034,7 +1034,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1467, 
@@ -1060,28 +1060,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", "event.id": "ut8lbrffooxyu", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
19233, @@ -1097,7 +1097,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 63671, "source.domain": "kibana", @@ -1122,22 +1122,22 @@ "destination.ip": "203.0.113.58", "destination.port": 65320, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", "event.id": "ut8lbrffooxyv", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 220, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 220, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 20383, @@ -1153,7 +1153,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 51075, "source.domain": "elasticsearch", 
@@ -1177,28 +1177,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33562, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", "event.id": "ut8lbrffooxz0", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 192, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 192, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 21370, @@ -1214,7 +1214,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 197840, "source.domain": "elasticsearch", @@ -1234,22 +1234,22 @@ "destination.ip": "203.0.113.93", "destination.port": 9243, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:58.716492806Z", "event.id": "ut8lbrffooxys", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:17.306085222Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 22524, @@ -1265,7 +1265,7 @@ "10.49.136.133", "203.0.113.93" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.49.136.133", "source.bytes": 173805495, "source.domain": "simianhacker-demo", 
@@ -1286,22 +1286,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", "event.id": "ut8lbrffooxyx", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 23412, @@ -1317,7 +1317,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1468, 
@@ -1343,28 +1343,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33548, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393651211Z", "event.id": "ut8lbrffooxz4", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 50, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 50, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 24348, @@ -1380,7 +1380,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 159704, "source.domain": "elasticsearch", @@ -1401,22 +1401,22 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", "event.id": "ut8lbrffooxz3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 220, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 220, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 25501, @@ -1432,7 +1432,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 70775, 
@@ -1457,28 +1457,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33542, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", "event.id": "ut8lbrffooxz9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
26490, @@ -1494,7 +1494,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 281147, 
@@ -1518,28 +1518,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:48.537763242Z", "event.id": "ut8lbrffooxyr", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 50, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 50, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 27641, @@ -1555,7 +1555,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 63590, @@ -1581,22 +1581,22 @@ "destination.ip": "203.0.113.12", "destination.port": 34836, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", "event.id": "ut8lbrffooxyy", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 28793, @@ -1612,7 +1612,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", 
@@ -1633,22 +1633,22 @@ "destination.ip": "10.139.99.242", "destination.port": 22, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", "event.id": "1ulp77rfdvho4g", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 233, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 233, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 29727, @@ -1664,7 +1664,7 @@ "192.0.2.165", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.165", "source.as.number": 45899, "source.bytes": 1239, 
@@ -1692,28 +1692,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", "event.id": "1ulp77rfdvho5r", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 2, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
30719, @@ -1729,7 +1729,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 63853, "source.domain": "kibana", @@ -1750,22 +1750,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", "event.id": "1ulp77rfdvho5k", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:20.634435179Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 31870, @@ -1781,7 +1781,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1458, 
@@ -1807,28 +1807,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33534, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", "event.id": "1ulp77rfdvho55", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 311, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 311, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 32809, @@ -1844,7 +1844,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 252397, "source.domain": "elasticsearch", 
@@ -1868,28 +1868,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33694, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", "event.id": "1ulp77rfdvho60", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 216, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 216, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 33964, @@ -1905,7 +1905,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 205787, "source.domain": "elasticsearch", @@ -1930,22 +1930,22 @@ "destination.ip": "203.0.113.58", "destination.port": 65263, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", "event.id": "1ulp77rfdvho49", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 87, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 87, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 35119, @@ -1961,7 +1961,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 106409, "source.domain": "elasticsearch", 
@@ -1982,28 +1982,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", "event.id": "1ulp77rfdvho4t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 311, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 311, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 36107, @@ -2019,7 +2019,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 61242, 
@@ -2046,28 +2046,28 @@ "destination.ip": "203.0.113.101", "destination.port": 49680, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", "event.id": "1ulp77rfdvho68", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", - "googlecloud.destination.vpc.vpc_name": "windows-isolated", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 113, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "windows-isolated", + "gcp.destination.vpc.vpc_name": "windows-isolated", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 113, "input.type": "log", "log.logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 37261, @@ -2083,7 +2083,7 @@ "10.139.99.242", "203.0.113.101" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 248826, "source.domain": "elasticsearch", @@ -2106,22 +2106,22 @@ "destination.ip": "192.0.2.117", "destination.port": 33862, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", "event.id": "1ulp77rfdvho5n", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 38440, @@ -2137,7 +2137,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1777, "source.domain": "kibana", 
@@ -2162,22 +2162,22 @@ "destination.ip": "203.0.113.58", "destination.port": 65321, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", "event.id": "1ulp77rfdvho5l", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 219, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 219, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 39374, @@ -2193,7 +2193,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 116845, "source.domain": "elasticsearch", 
@@ -2214,28 +2214,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", "event.id": "1ulp77rfdvho65", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 0, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 0, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 40363, @@ -2251,7 +2251,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 4614, 
@@ -2278,28 +2278,28 @@ "destination.ip": "192.0.2.177", "destination.port": 60112, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", "event.id": "1ulp77rfdvho4b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 41513, @@ -2315,7 +2315,7 @@ "10.139.99.242", "192.0.2.177" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 50379, "source.domain": "elasticsearch", 
@@ -2336,28 +2336,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33552, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", "event.id": "1ulp77rfdvho4m", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 2, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
42677, @@ -2373,7 +2373,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 200417, 
@@ -2400,28 +2400,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33524, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", "event.id": "1ulp77rfdvho5t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 0, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 0, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
43829, @@ -2437,7 +2437,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 30233, "source.domain": "elasticsearch", 
@@ -2458,28 +2458,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33548, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565451051Z", "event.id": "1ulp77rfdvho50", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
44980, @@ -2495,7 +2495,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 160693, 
@@ -2519,28 +2519,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", "event.id": "1ulp77rfdvho63", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 216, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 216, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 46132, @@ -2556,7 +2556,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 59903, @@ -2582,22 +2582,22 @@ "destination.ip": "198.51.100.107", "destination.port": 33924, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", "event.id": "1ulp77rfdvho4r", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:20.634545217Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 47286, @@ -2613,7 +2613,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", 
@@ -2638,22 +2638,22 @@ "destination.ip": "203.0.113.58", "destination.port": 65271, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.318940798Z", "event.id": "1ulp77rfdvho4i", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 89, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 89, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 48223, @@ -2669,7 +2669,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 129335, "source.domain": "elasticsearch", 
@@ -2690,22 +2690,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", "event.id": "1ulp77rfdvho5v", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 49211, @@ -2721,7 +2721,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1464, 
@@ -2744,22 +2744,22 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", "event.id": "1ulp77rfdvho5i", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 219, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 219, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 50147, @@ -2775,7 +2775,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 75477, 
@@ -2804,22 +2804,22 @@ "destination.ip": "203.0.113.58", "destination.port": 65316, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", "event.id": "1ulp77rfdvho5c", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 86, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 86, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 51137, @@ -2835,7 +2835,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 102119, "source.domain": "elasticsearch", 
@@ -2856,28 +2856,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", "event.id": "1ulp77rfdvho5p", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "windows-isolated", - "googlecloud.source.vpc.vpc_name": "windows-isolated", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 113, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "windows-isolated", + "gcp.source.vpc.vpc_name": "windows-isolated", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 113, "input.type": "log", "log.logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 52125, @@ -2893,7 +2893,7 @@ "203.0.113.101", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.101", "source.as.number": 15169, "source.bytes": 1541638, 
@@ -2917,28 +2917,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", "event.id": "1ulp77rfdvho4y", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 53305, @@ -2954,7 +2954,7 @@ "192.0.2.177", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.177", "source.as.number": 15169, "source.bytes": 755901, 
@@ -2981,28 +2981,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33558, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.394676451Z", "event.id": "1ulp77rfdvho4o", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 144, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 144, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 54470, @@ -3018,7 +3018,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 248715, "source.domain": "elasticsearch", @@ -3039,22 +3039,22 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", "event.id": "1ulp77rfdvho5g", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 86, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 86, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 55625, @@ -3070,7 +3070,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 69757, 
@@ -3095,22 +3095,22 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", "event.id": "1ulp77rfdvho59", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 87, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 87, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 56614, @@ -3126,7 +3126,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 69440, 
@@ -3151,22 +3151,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", "event.id": "1ulp77rfdvho57", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 57603, @@ -3182,7 +3182,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1457, 
@@ -3207,22 +3207,22 @@ "destination.ip": "192.0.2.117", "destination.port": 50438, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", "event.id": "1ulp77rfdvho5e", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 58539, @@ -3238,7 +3238,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1784, "source.domain": "kibana", 
@@ -3263,22 +3263,22 @@ "destination.ip": "192.0.2.165", "destination.port": 59623, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", "event.id": "1ulp77rfdvho4d", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 233, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 233, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 59473, @@ -3294,7 +3294,7 @@ "10.139.99.242", "192.0.2.165" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 2395, "source.domain": "elasticsearch", 
@@ -3315,28 +3315,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:48.538257098Z", "event.id": "1ulp77rfdvho5y", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 144, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 144, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 60463, @@ -3352,7 +3352,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 60335, 
@@ -3379,28 +3379,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565451051Z", "event.id": "1ulp77rfdvho6a", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
61617, @@ -3416,7 +3416,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65565, "source.domain": "kibana", @@ -3437,22 +3437,22 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.318940798Z", "event.id": "1ulp77rfdvho4v", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 89, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 89, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 62768, @@ -3468,7 +3468,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 70174, 
@@ -3493,22 +3493,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:51.355687385Z", "event.id": "bnj3cofh3cdk1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 63757, @@ -3524,7 +3524,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1461, 
@@ -3547,22 +3547,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:51.090104692Z", "event.id": "bnj3cofh3cdjx", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 64693, @@ -3578,7 +3578,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1460, 
@@ -3601,28 +3601,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565131125Z", "event.id": "bnj3cofh3cdju", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 224, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 224, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 65631, @@ -3638,7 +3638,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 66736, @@ -3664,22 +3664,22 @@ "destination.ip": "198.51.100.107", "destination.port": 33602, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:51.090104692Z", "event.id": "bnj3cofh3cdjz", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 66784, @@ -3695,7 +3695,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", 
@@ -3716,22 +3716,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:40.888804332Z", "event.id": "bnj3cofh3cdkk", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 67720, @@ -3747,7 +3747,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1464, 
@@ -3770,28 +3770,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33534, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597279654Z", "event.id": "bnj3cofh3cdk0", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 2, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
68656, @@ -3807,7 +3807,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 259510, @@ -3833,22 +3833,22 @@ "destination.ip": "203.0.113.27", "destination.port": 52260, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:11.183868408Z", "event.id": "bnj3cofh3cdk8", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 69807, @@ -3864,7 +3864,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", 
@@ -3888,28 +3888,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565300944Z", "event.id": "bnj3cofh3cdkp", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 
70741, @@ -3925,7 +3925,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65069, "source.domain": "kibana", 
@@ -3949,28 +3949,28 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdkc", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 15, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 15, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 71891, @@ -3986,7 +3986,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 60530, "source.domain": "kibana", 
@@ -4007,28 +4007,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821047175Z", "event.id": "bnj3cofh3cdkm", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 230, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 230, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 73042, @@ -4044,7 +4044,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11384, 
@@ -4071,28 +4071,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33554, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565131125Z", "event.id": "bnj3cofh3cdjy", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 224, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 224, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 74194, @@ -4108,7 +4108,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 272063, "source.domain": "elasticsearch", @@ -4131,22 +4131,22 @@ "destination.ip": "203.0.113.27", "destination.port": 53706, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:43:50.822333871Z", "event.id": "bnj3cofh3cdjv", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 43, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 43, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 75348, @@ -4162,7 +4162,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1791, "source.domain": "kibana", 
@@ -4183,28 +4183,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.789039435Z", "event.id": "bnj3cofh3cdkh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 253, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 253, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 76282, @@ -4220,7 +4220,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 18295, @@ -4244,22 +4244,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:44:40.243022993Z", "event.id": "bnj3cofh3cdkg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 77435, @@ -4275,7 +4275,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1467, 
@@ -4298,28 +4298,28 @@ "destination.ip": "10.87.40.76", "destination.port": 33556, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdk7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 15, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 15, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 78373, @@ -4335,7 +4335,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 165290, @@ -4359,22 +4359,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:43:50.822333871Z", "event.id": "bnj3cofh3cdk9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 43, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 43, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 79525, @@ -4390,7 +4390,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1458, 
@@ -4413,22 +4413,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:11.183868408Z", "event.id": "bnj3cofh3cdkj", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 80461, @@ -4444,7 +4444,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1464, 
@@ -4469,22 +4469,22 @@ "destination.ip": "203.0.113.27", "destination.port": 34090, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:37.827345444Z", "event.id": "bnj3cofh3cdki", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 81397, @@ -4500,7 +4500,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", 
@@ -4523,22 +4523,22 @@ "destination.ip": "203.0.113.12", "destination.port": 34178, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:51.355687385Z", "event.id": "bnj3cofh3cdkd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 82331, @@ -4554,7 +4554,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", 
@@ -4577,22 +4577,22 @@ "destination.ip": "198.51.100.107", "destination.port": 33064, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:44:40.243022993Z", "event.id": "bnj3cofh3cdjw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 83265, @@ -4608,7 +4608,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", 
@@ -4629,22 +4629,22 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:50.757255245Z", "event.id": "bnj3cofh3cdk3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 84201, @@ -4660,7 +4660,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1461, 
@@ -4685,22 +4685,22 @@ "destination.ip": "203.0.113.12", "destination.port": 58216, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:36.982303071Z", "event.id": "bnj3cofh3cdkb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 85139, @@ -4716,7 +4716,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", 
@@ -4740,28 +4740,28 @@
 "destination.ip": "198.51.100.248",
 "destination.port": 9200,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:59.597279654Z",
 "event.id": "bnj3cofh3cdk4",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:06.075756033Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 2,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 2,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 86073,
@@ -4777,7 +4777,7 @@
 "10.87.40.76",
 "198.51.100.248"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.87.40.76",
 "source.bytes": 60222,
 "source.domain": "kibana",
@@ -4801,28 +4801,28 @@
 "destination.ip": "198.51.100.248",
 "destination.port": 9200,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:59.565335113Z",
 "event.id": "bnj3cofh3cdkf",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:39:59.500418290Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 16,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 16,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 87223,
@@ -4838,7 +4838,7 @@
 "10.87.40.76",
 "198.51.100.248"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.87.40.76",
 "source.bytes": 61810,
 "source.domain": "kibana",
@@ -4859,22 +4859,22 @@
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:36.982303071Z",
 "event.id": "bnj3cofh3cdkl",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:49:36.865198297Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "DEST",
- "googlecloud.vpcflow.rtt.ms": 36,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "DEST",
+ "gcp.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 88374,
@@ -4890,7 +4890,7 @@
 "203.0.113.12",
 "10.87.40.76"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "203.0.113.12",
 "source.as.number": 15169,
 "source.bytes": 1467,
@@ -4913,28 +4913,28 @@
 "destination.ip": "10.87.40.76",
 "destination.port": 33510,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:59.565335113Z",
 "event.id": "bnj3cofh3cdk2",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:39:59.500418290Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "DEST",
- "googlecloud.vpcflow.rtt.ms": 16,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "DEST",
+ "gcp.vpcflow.rtt.ms": 16,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 89310,
@@ -4950,7 +4950,7 @@
 "198.51.100.248",
 "10.87.40.76"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "198.51.100.248",
 "source.as.number": 15169,
 "source.bytes": 136558,
@@ -4976,22 +4976,22 @@
 "destination.ip": "198.51.100.107",
 "destination.port": 34906,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:48:50.757255245Z",
 "event.id": "bnj3cofh3cdko",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:48:50.642206049Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 36,
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 90462,
@@ -5007,7 +5007,7 @@
 "10.87.40.76",
 "198.51.100.107"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.87.40.76",
 "source.bytes": 1781,
 "source.domain": "kibana",
@@ -5030,22 +5030,22 @@
 "destination.ip": "203.0.113.27",
 "destination.port": 52454,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:42:40.888804332Z",
 "event.id": "bnj3cofh3cdke",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:42:40.779893091Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 36,
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 91398,
@@ -5061,7 +5061,7 @@
 "10.87.40.76",
 "203.0.113.27"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.87.40.76",
 "source.bytes": 1781,
 "source.domain": "kibana",
@@ -5082,22 +5082,22 @@
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:46:37.827345444Z",
 "event.id": "bnj3cofh3cdka",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:46:37.712749588Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "DEST",
- "googlecloud.vpcflow.rtt.ms": 36,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "DEST",
+ "gcp.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 92332,
@@ -5113,7 +5113,7 @@
 "203.0.113.27",
 "10.87.40.76"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "203.0.113.27",
 "source.as.number": 15169,
 "source.bytes": 1467,
@@ -5136,28 +5136,28 @@
 "destination.ip": "10.87.40.76",
 "destination.port": 33530,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:59.565300944Z",
 "event.id": "bnj3cofh3cdkn",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:00.140119099Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "DEST",
- "googlecloud.vpcflow.rtt.ms": 1,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "DEST",
+ "gcp.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 93268,
@@ -5173,7 +5173,7 @@
 "198.51.100.248",
 "10.87.40.76"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "198.51.100.248",
 "source.as.number": 15169,
 "source.bytes": 170396,
@@ -5200,28 +5200,28 @@
 "destination.ip": "203.0.113.134",
 "destination.port": 33570,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:51.821129119Z",
 "event.id": "bnj3cofh3cdk5",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:08.469473010Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 230,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 230,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 94419,
@@ -5237,7 +5237,7 @@
 "10.139.99.242",
 "203.0.113.134"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.139.99.242",
 "source.bytes": 171610,
 "source.domain": "elasticsearch",
@@ -5261,28 +5261,28 @@
 "destination.ip": "203.0.113.134",
 "destination.port": 33858,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:37.933164456Z",
 "event.id": "bnj3cofh3cdk6",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:08.458515996Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 253,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 253,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 95572,
@@ -5298,7 +5298,7 @@
 "10.139.99.242",
 "203.0.113.134"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.139.99.242",
 "source.bytes": 15186,
 "source.domain": "elasticsearch",
@@ -5322,28 +5322,28 @@
 "destination.ip": "203.0.113.134",
 "destination.port": 33590,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:59.565116665Z",
 "event.id": "y4wffpfk2ero3",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:05.147151100Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 109,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 109,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 96724,
@@ -5359,7 +5359,7 @@
 "10.139.99.242",
 "203.0.113.134"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.139.99.242",
 "source.bytes": 208416,
 "source.domain": "elasticsearch",
@@ -5383,28 +5383,28 @@
 "destination.ip": "192.0.2.177",
 "destination.port": 60108,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:54.108975753Z",
 "event.id": "y4wffpfk2eroh",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:00.762958327Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-central1",
- "googlecloud.destination.instance.zone": "us-central1-a",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 36,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-central1",
+ "gcp.destination.instance.zone": "us-central1-a",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 97878,
@@ -5420,7 +5420,7 @@
 "10.139.99.242",
 "192.0.2.177"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.139.99.242",
 "source.bytes": 90977,
 "source.domain": "elasticsearch",
@@ -5444,28 +5444,28 @@
 "destination.ip": "203.0.113.134",
 "destination.port": 33536,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:59.565156020Z",
 "event.id": "y4wffpfk2erom",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:08.150481417Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "SRC",
- "googlecloud.vpcflow.rtt.ms": 194,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "SRC",
+ "gcp.vpcflow.rtt.ms": 194,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 99041,
@@ -5481,7 +5481,7 @@
 "10.139.99.242",
 "203.0.113.134"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "10.139.99.242",
 "source.bytes": 187301,
 "source.domain": "elasticsearch",
@@ -5502,28 +5502,28 @@
 "destination.ip": "10.87.40.76",
 "destination.port": 33560,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:59.565287007Z",
 "event.id": "y4wffpfk2ero9",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:06.075859688Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-east1",
- "googlecloud.source.instance.zone": "us-east1-b",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "DEST",
- "googlecloud.vpcflow.rtt.ms": 11,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-east1",
+ "gcp.source.instance.zone": "us-east1-b",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "DEST",
+ "gcp.vpcflow.rtt.ms": 11,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 100195,
@@ -5539,7 +5539,7 @@
 "198.51.100.248",
 "10.87.40.76"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "198.51.100.248",
 "source.as.number": 15169,
 "source.bytes": 139106,
@@ -5563,28 +5563,28 @@
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
 "event.category": "network",
- "event.dataset": "googlecloud.vpcflow",
+ "event.dataset": "gcp.vpcflow",
 "event.end": "2019-06-14T03:49:54.108975753Z",
 "event.id": "y4wffpfk2erog",
 "event.kind": "event",
- "event.module": "googlecloud",
+ "event.module": "gcp",
 "event.start": "2019-06-14T03:40:00.762958327Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "googlecloud.destination.instance.project_id": "my-sample-project",
- "googlecloud.destination.instance.region": "us-east1",
- "googlecloud.destination.instance.zone": "us-east1-b",
- "googlecloud.destination.vpc.project_id": "my-sample-project",
- "googlecloud.destination.vpc.subnetwork_name": "default",
- "googlecloud.destination.vpc.vpc_name": "default",
- "googlecloud.source.instance.project_id": "my-sample-project",
- "googlecloud.source.instance.region": "us-central1",
- "googlecloud.source.instance.zone": "us-central1-a",
- "googlecloud.source.vpc.project_id": "my-sample-project",
- "googlecloud.source.vpc.subnetwork_name": "default",
- "googlecloud.source.vpc.vpc_name": "default",
- "googlecloud.vpcflow.reporter": "DEST",
- "googlecloud.vpcflow.rtt.ms": 36,
+ "gcp.destination.instance.project_id": "my-sample-project",
+ "gcp.destination.instance.region": "us-east1",
+ "gcp.destination.instance.zone": "us-east1-b",
+ "gcp.destination.vpc.project_id": "my-sample-project",
+ "gcp.destination.vpc.subnetwork_name": "default",
+ "gcp.destination.vpc.vpc_name": "default",
+ "gcp.source.instance.project_id": "my-sample-project",
+ "gcp.source.instance.region": "us-central1",
+ "gcp.source.instance.zone": "us-central1-a",
+ "gcp.source.vpc.project_id": "my-sample-project",
+ "gcp.source.vpc.subnetwork_name": "default",
+ "gcp.source.vpc.vpc_name": "default",
+ "gcp.vpcflow.reporter": "DEST",
+ "gcp.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 101347,
@@ -5600,7 +5600,7 @@
 "192.0.2.177",
 "10.139.99.242"
 ],
- "service.type": "googlecloud",
+ "service.type": "gcp",
 "source.address": "192.0.2.177",
 "source.as.number": 15169,
 "source.bytes": 1733360,
@@ -5627,28 +5627,28 @@ "destination.ip": "203.0.113.134", "destination.port": 33874, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.933099658Z", "event.id": "y4wffpfk2ero7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.513551480Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 142, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 142, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 102512, @@ -5664,7 +5664,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 149157, "source.domain": "elasticsearch", 
@@ -5685,28 +5685,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.965119632Z", "event.id": "y4wffpfk2eroe", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.480430427Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 201, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 103665, @@ -5722,7 +5722,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11108, 
@@ -5746,28 +5746,28 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565116665Z", "event.id": "y4wffpfk2eroa", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 109, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 109, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", 
"log.offset": 104817, @@ -5783,7 +5783,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 67337, From 581b276ec168851d7e9b3bd30e43156145d2d875 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Fri, 6 Nov 2020 18:35:54 -0700 Subject: [PATCH 07/14] remove pipeline files from googlecloud module directory --- filebeat/docs/fields.asciidoc | 135 ++++++- ...cloud-audit.png => filebeat-gcp-audit.png} | Bin filebeat/docs/modules/gcp.asciidoc | 22 +- x-pack/filebeat/filebeat.reference.yml | 17 +- .../filebeat/module/gcp/_meta/docs.asciidoc | 22 +- x-pack/filebeat/module/gcp/_meta/fields.yml | 165 ++++++--- x-pack/filebeat/module/gcp/fields.go | 2 +- .../module/googlecloud/_meta/config.yml | 15 +- .../googlecloud/audit/config/pipeline.js | 315 ----------------- .../googlecloud/firewall/config/pipeline.js | 331 ------------------ .../googlecloud/vpcflow/config/pipeline.js | 259 -------------- .../modules.d/googlecloud.yml.disabled | 15 +- 12 files changed, 282 insertions(+), 1016 deletions(-) rename filebeat/docs/images/{filebeat-googlecloud-audit.png => filebeat-gcp-audit.png} (100%) delete mode 100644 x-pack/filebeat/module/googlecloud/audit/config/pipeline.js delete mode 100644 x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js delete mode 100644 x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 9436eda700a7..f700963e0469 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc 
@@ -68452,12 +68452,127 @@ type: integer -- [[exported-fields-gcp]] -== GCP fields +== Google Cloud Platform (GCP) fields Module for handling logs from Google Cloud. +[float] +=== googlecloud + +Aliases for backward compatibility with old googlecloud fields + + + +*`googlecloud.destination.instance.project_id`*:: ++ +-- +type: alias + +alias to: gcp.destination.instance.project_id + +-- + +*`googlecloud.destination.instance.region`*:: ++ +-- +type: alias + +alias to: gcp.destination.instance.region + +-- + +*`googlecloud.destination.instance.zone`*:: ++ +-- +type: alias + +alias to: gcp.destination.instance.zone + +-- + +*`googlecloud.destination.vpc.project_id`*:: ++ +-- +type: alias + +alias to: gcp.destination.vpc.project_id + +-- + +*`googlecloud.destination.vpc.vpc_name`*:: ++ +-- +type: alias + +alias to: gcp.destination.vpc.vpc_name + +-- + +*`googlecloud.destination.vpc.subnetwork_name`*:: ++ +-- +type: alias + +alias to: gcp.destination.vpc.subnetwork_name + +-- + +*`googlecloud.source.instance.project_id`*:: ++ +-- +type: alias + +alias to: gcp.source.instance.project_id + +-- + +*`googlecloud.source.instance.region`*:: ++ +-- +type: alias + +alias to: gcp.source.instance.region + +-- + +*`googlecloud.source.instance.zone`*:: ++ +-- +type: alias + +alias to: gcp.source.instance.zone + +-- + +*`googlecloud.source.vpc.project_id`*:: ++ +-- +type: alias + +alias to: gcp.source.vpc.project_id + +-- + +*`googlecloud.source.vpc.vpc_name`*:: ++ +-- +type: alias + +alias to: gcp.source.vpc.vpc_name + +-- + +*`googlecloud.source.vpc.subnetwork_name`*:: ++ +-- +type: alias + +alias to: gcp.source.vpc.subnetwork_name + +-- + [float] === gcp @@ -68509,7 +68624,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`gcp.destination.vpc.project_id`*:: +*`gcp.destination.instance.destination.vpc.project_id`*:: + -- ID of the project containing the VM. 
@@ -68519,7 +68634,7 @@ type: keyword -- -*`gcp.destination.vpc.vpc_name`*:: +*`gcp.destination.instance.destination.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -68529,7 +68644,7 @@ type: keyword -- -*`gcp.destination.vpc.subnetwork_name`*:: +*`gcp.destination.instance.destination.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -68546,7 +68661,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`gcp.source.instance.project_id`*:: +*`gcp.destination.instance.source.instance.project_id`*:: + -- ID of the project containing the VM. @@ -68556,7 +68671,7 @@ type: keyword -- -*`gcp.source.instance.region`*:: +*`gcp.destination.instance.source.instance.region`*:: + -- Region of the VM. @@ -68566,7 +68681,7 @@ type: keyword -- -*`gcp.source.instance.zone`*:: +*`gcp.destination.instance.source.instance.zone`*:: + -- Zone of the VM. @@ -68583,7 +68698,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`gcp.source.vpc.project_id`*:: +*`gcp.destination.instance.source.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -68593,7 +68708,7 @@ type: keyword -- -*`gcp.source.vpc.vpc_name`*:: +*`gcp.destination.instance.source.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -68603,7 +68718,7 @@ type: keyword -- -*`gcp.source.vpc.subnetwork_name`*:: +*`gcp.destination.instance.source.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. diff --git a/filebeat/docs/images/filebeat-googlecloud-audit.png b/filebeat/docs/images/filebeat-gcp-audit.png similarity index 100% rename from filebeat/docs/images/filebeat-googlecloud-audit.png rename to filebeat/docs/images/filebeat-gcp-audit.png diff --git a/filebeat/docs/modules/gcp.asciidoc b/filebeat/docs/modules/gcp.asciidoc index d5e1aad50997..ee700d812813 100644 --- a/filebeat/docs/modules/gcp.asciidoc +++ b/filebeat/docs/modules/gcp.asciidoc 
@@ -5,7 +5,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-gcp]] [role="xpack"] -:modulename: googlecloud +:modulename: gcp :has-dashboards: false == Google Cloud module @@ -29,18 +29,18 @@ include::../include/config-option-intro.asciidoc[] ==== `audit` fileset settings [role="screenshot"] -image::./images/filebeat-googlecloud-audit.png[] +image::./images/filebeat-gcp-audit.png[] Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp audit: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-audit - var.subscription_name: filebeat-googlecloud-audit-sub + var.topic: gcp-vpc-audit + var.subscription_name: filebeat-gcp-audit-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -80,12 +80,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp vpcflow: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-flowlogs - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.topic: gcp-vpc-flowlogs + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -125,12 +125,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp firewall: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-firewall - var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.topic: gcp-vpc-firewall + var.subscription_name: filebeat-gcp-vpc-firewall-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index ff3a538dd667..3596e84def3f 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml 
@@ -813,7 +813,7 @@ filebeat.modules: # "+02:00" for GMT+02:00 # var.tz_offset: local -#--------------------------------- GCP Module --------------------------------- +#--------------------- Google Cloud Platform (GCP) Module --------------------- - module: gcp vpcflow: enabled: true @@ -870,7 +870,8 @@ filebeat.modules: var.credentials_file: ${path.config}/gcp-service-account-xyz.json #----------------------------- Googlecloud Module ----------------------------- -- module: googlecloud +# googlecloud module is deprecated, please use gcp instead +- module: gcp vpcflow: enabled: true @@ -879,11 +880,11 @@ filebeat.modules: # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -897,11 +898,11 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. 
@@ -915,11 +916,11 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. diff --git a/x-pack/filebeat/module/gcp/_meta/docs.asciidoc b/x-pack/filebeat/module/gcp/_meta/docs.asciidoc index adda332e62f1..17f989377f9b 100644 --- a/x-pack/filebeat/module/gcp/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/gcp/_meta/docs.asciidoc @@ -1,6 +1,6 @@ [role="xpack"] -:modulename: googlecloud +:modulename: gcp :has-dashboards: false == Google Cloud module @@ -24,18 +24,18 @@ include::../include/config-option-intro.asciidoc[] ==== `audit` fileset settings [role="screenshot"] -image::./images/filebeat-googlecloud-audit.png[] +image::./images/filebeat-gcp-audit.png[] Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp audit: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-audit - var.subscription_name: filebeat-googlecloud-audit-sub + var.topic: gcp-vpc-audit + var.subscription_name: filebeat-gcp-audit-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -75,12 +75,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp vpcflow: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-flowlogs - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.topic: gcp-vpc-flowlogs + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- 
@@ -120,12 +120,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp firewall: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-firewall - var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.topic: gcp-vpc-firewall + var.subscription_name: filebeat-gcp-vpc-firewall-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- diff --git a/x-pack/filebeat/module/gcp/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml index 3e2753f09b2a..9932eb26c501 100644 --- a/x-pack/filebeat/module/gcp/_meta/fields.yml +++ b/x-pack/filebeat/module/gcp/_meta/fields.yml 
@@ -1,8 +1,61 @@ - key: gcp - title: GCP + title: Google Cloud Platform (GCP) description: > Module for handling logs from Google Cloud. fields: + - name: googlecloud + type: group + description: > + Aliases for backward compatibility with old googlecloud fields + fields: + - name: destination.instance.project_id + type: alias + path: gcp.destination.instance.project_id + migration: true + - name: destination.instance.region + type: alias + path: gcp.destination.instance.region + migration: true + - name: destination.instance.zone + type: alias + path: gcp.destination.instance.zone + migration: true + - name: destination.vpc.project_id + type: alias + path: gcp.destination.vpc.project_id + migration: true + - name: destination.vpc.vpc_name + type: alias + path: gcp.destination.vpc.vpc_name + migration: true + - name: destination.vpc.subnetwork_name + type: alias + path: gcp.destination.vpc.subnetwork_name + migration: true + - name: source.instance.project_id + type: alias + path: gcp.source.instance.project_id + migration: true + - name: source.instance.region + type: alias + path: gcp.source.instance.region + migration: true + - name: source.instance.zone + type: alias + path: gcp.source.instance.zone + migration: true + - name: source.vpc.project_id + type: alias + path: gcp.source.vpc.project_id + migration: true + - name: source.vpc.vpc_name + type: alias + path: gcp.source.vpc.vpc_name + migration: true + - name: source.vpc.subnetwork_name + type: alias + path: gcp.source.vpc.subnetwork_name + migration: true - name: gcp type: group description: 
> @@ -31,69 +84,69 @@ description: > Zone of the VM. - - name: destination.vpc - type: group - description: > - If the destination of the connection was a VM located on the same VPC, - this field is populated with VPC network details. In a Shared VPC - configuration, project_id corresponds to that of the host project. - fields: - - name: project_id - type: keyword + - name: destination.vpc + type: group description: > - ID of the project containing the VM. + If the destination of the connection was a VM located on the same VPC, + this field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. - - name: vpc_name - type: keyword - description: > - VPC on which the VM is operating. + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. - - name: subnetwork_name - type: keyword - description: > - Subnetwork on which the VM is operating. + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. - - name: source.instance - type: group - description: > - If the source of the connection was a VM located on the same VPC, this - field is populated with VM instance details. In a Shared VPC - configuration, project_id corresponds to the project that owns the - instance, usually the service project. - fields: - - name: project_id - type: keyword + - name: source.instance + type: group description: > - ID of the project containing the VM. + If the source of the connection was a VM located on the same VPC, this + field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. 
- - name: region - type: keyword - description: > - Region of the VM. + - name: region + type: keyword + description: > + Region of the VM. - - name: zone - type: keyword - description: > - Zone of the VM. + - name: zone + type: keyword + description: > + Zone of the VM. - - name: source.vpc - type: group - description: > - If the source of the connection was a VM located on the same VPC, this - field is populated with VPC network details. In a Shared VPC - configuration, project_id corresponds to that of the host project. - fields: - - name: project_id - type: keyword + - name: source.vpc + type: group description: > - ID of the project containing the VM. + If the source of the connection was a VM located on the same VPC, this + field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. - - name: vpc_name - type: keyword - description: > - VPC on which the VM is operating. + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. - - name: subnetwork_name - type: keyword - description: > - Subnetwork on which the VM is operating. + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. diff --git a/x-pack/filebeat/module/gcp/fields.go b/x-pack/filebeat/module/gcp/fields.go index 4a5d9dcf88c0..1d5b3955227d 100644 --- a/x-pack/filebeat/module/gcp/fields.go +++ b/x-pack/filebeat/module/gcp/fields.go 
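Review bot: The re-indentation of the `destination.vpc`, `source.instance` and `source.vpc` groups in this hunk appears to nest them under `destination.instance`, because the regenerated filebeat/docs/fields.asciidoc in the same patch now lists them as `gcp.destination.instance.destination.vpc.project_id`, `gcp.destination.instance.source.instance.region` and so on. The alias entries added at the top of this file still use `path: gcp.destination.vpc.project_id`, `path: gcp.source.instance.region` and the like, and the expected test output emits those shorter names, so nine of the twelve `googlecloud.*` aliases would point at fields the mapping no longer defines. Elasticsearch is expected to reject an alias whose target is missing, and saved searches or detection rules written against the old names would match nothing. Put the three groups back at the same level as `- name: destination.instance` and regenerate fields.asciidoc and fields.go. The hunk's whitespace is not preserved in this view, so the nesting is inferred from the generated documentation rather than read from the YAML.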
@@ -19,5 +19,5 @@ func init() { // AssetGcp returns asset data. // This is the base64 encoded gzipped contents of module/gcp. func AssetGcp() string { - return "eJzsWltv47oRfs+vmLe0QFYHfd2HAoGzOQ26KXISdwv0xWDIscWGIlVe7Hp/fcGbrKvjxMq2B1g/Jbp882lmOPNxpE/wgvvPsKH1BYDlVuBn+HXxcAHA0FDNa8uV/Ax/vgAAuFfMCYS10lASyQSXGxBqY2CtVQW/KrURCAuhHCsuANYcBTOfw52fQJIKsx3/s/va/6+Vy0dGDPrfbYAZmgiWi3RZ21bbHkNjuSQes+DSWCIpNheNkThCxP/u1mBLbMOCioeokhJpOLIjBgh8uwehKLHIQMlwiSEVwreHxVUH0pbcRP7ADdSqdiLctOO29CCZNjC0hAtTwJ0EAk8l0cg8XAeNKrnmG6cDtyuotfoXUrviDKjSGk2tJDNgVSCUzoItiQW1k8Yf7cBl41fgjCNC7OODoN5y2txftG7pB6IdjAOZzukchhfc75TunzsSjBCQmxyA/DBUSUu49LnpD3+7Ly5G2WjccCXnY/IY8DKbSbPflcT5jP5TSRw1ObYAtjX9XeX+wwIk2p3SL7Pnvs/3yL1Uxv6+E3lb05X/az4u3vM+liWnZbLt46Nq9L6Vmwkixj2neM3M56kBPpVWQ0k5TXHO0h8R35P5Ids7kD+r/s+q/yFVP6X9PAX/h2T8z1r/s9aH38m1vs+IOMbtOemeNxpKd/cZAbiz24DRnMlEvOGL07xx1BfLfR0SpEZt98WIIeJsidJyGhbBisu1GrHb98ArVq87oOBBdRX1IwyX8uSi4ZLymogVVoSL+bJjWSIESCCMaTQmL6SWL5CBM6ihIi95PWn8t0Nje0/Q9qPS3O5XBgVSq/S8hBt8yPhgaqR8zZHB877NUOkr4Gsgcl/AnfUZL5WFjSOaSIvIYGAg1LdYSpLPY10WQu2Q+QroDEah3fDo+KHnhe9Hk4loTfZvS6YGs51LYZV51mlBK1mcnlyoK27MrG18mULAfa+5u75vGZlImk2IyHhTeFZKIOnTe4XCP0q0JWpQOsS8E47gLo2pExPJWvxCuBObCa75zhWxVvNnZ9GM8h6WitPyu0HNqzEbLHrXj4W11VOiwBym+JG4vkowUvQGMrlkps8tsxhpZ7NTmPLPZAuZiYOHOMYh26/QlooNO/t7O9l4BJIZn/GHMgC3SsP1wx1QIoSJErJf9UypnGDwjAGtjexvjKhF/yaPi/8hVS3wCi43ocMXjFjiqy4W2z8VN80/j07+5lDvL8ecI121igrT4IpbrMyIj4SSmzc6yFXPfvmvIWCCRuu0RBYnnwS+cmO9qwKx1oPGhlHXglPyLEbDmZrL+eJg2a7YTVd9gyxQVs2sFzsq6ZDbI8wyizUXFmds8bcB7yTT8z763zoV5ZjCaRrAhxM4lJUxjZEuWlVoiV9652fkfUIC8qycnY7AsbT0lQb1ivdbXyQ0OHxCR7x76OvTaGMiPImAcX4VI1t5+boiG5R2XoUTZHHA7dNa+irb1mdJeXZltRceA+BWMdYYL6NUacblRoxuW3LtnL8cRdz/y3o0Ru0wow8DjzklWYI8bv81PTZme3YpFIxM6aAXLocmZiDgcfu+aeZO/1tdeBIXN5hGzULF8RO90ih2S6wbT9z3LJ6nADdI2vFOMtXRztCozQ5LaaBKiDTnDFtsHsbkYIneYFM+W7J1SvL6fTcYWmKFn4RvCH9/vLsKtZVLKhzLIwov6LIu9je+ol9NiWKL5penv3z5eru6u/nlWakXM6pXG1eFMW1/2/zuwpvRju9pjvZdpzVK2/CaL5FgEaEbkkd3pr3954dte9ohrlH7ZpujP51InbAftitx/0JqbgqqqtGnGa7Nd8fadBam2qImQkySPhp
zxcabLZcWNwNZfkKrS9w88FWaFx8kCZGA0lWwJcKFOKR9n65psVCsv8oO+19jyGZGVXANDLcovMc+rQn1YUetlc6Whsy5hC9yI7gpC7iW+6Dd8q0D+A5WC8Snv+Dfk3QzfkXw+I6m5YdYdYssGQbgIZxXviYe4NLUkgqOsr3pOOyxNO6IaE9+Z5vH3ybsN4zktRO4GpNZ71oRN4eTeUnk5w2WYsOoiKUlsjjAOLw1e708dsboYV470esHM4YB82WcC8fhcx65drhOKQxCB50C3iYyrlvNM1Re75lU9gwoGR00ZZ9xjWdTuMkgIUyarNectoNjYnCO+UHjGjXK86aSjxkkv4I/KQSpa2siB5XoTdbj4Gid3+MGPHOISzd1wyDJn1aTkTl8/zMft/ZHRZMEX+eWXGbJcF2cKY8zUc+j9VLcks0Zroxi8kfQTbL1PLq8XtVK2+G7ITjyfuhNdHkd9+RUCRNa1mGuCd50zo3wOsQJnNwgpUTIio5QqtxgmvJRSZE1XrJ6foL84MdIyXLOY7S+V1gLtfsIGfDtYQEe+y0yAH0S9UTmGeLecIZJuCVoFv0j1K6ABZFegyEPr/Uunx4Xl15EXd58eVq2NmpjPK0tZnir8JVYlHQPxECFxDiNDP7g/bhcPASOvg2L/R+BOZ03Ipb7Pau0qLdE5LngYGOWL0RBauPlINodovQKM2xoCTx9+S0sYI0U+TYeO3yZ4/+/Xvy1B+uv5823MHG/nb8FeVwu/XPs0PeBeCrVhjT7ix8TMRRkX1z8NwAA//9dMcxf" + return "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" } diff --git a/x-pack/filebeat/module/googlecloud/_meta/config.yml b/x-pack/filebeat/module/googlecloud/_meta/config.yml index 7ca54bd84c06..2c535fb4664d 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/config.yml +++ b/x-pack/filebeat/module/googlecloud/_meta/config.yml @@ -1,4 +1,5 @@ -- module: googlecloud +# googlecloud module is deprecated, please use gcp instead +- module: gcp vpcflow: enabled: true @@ -7,11 +8,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. 
@@ -25,11 +26,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -43,11 +44,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. diff --git a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js b/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js deleted file mode 100644 index a24bd6219340..000000000000 --- a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js +++ /dev/null 
@@ -1,315 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -function Audit(keep_original_message) { - var processor = require("processor"); - - // The pub/sub input writes the Stackdriver LogEntry object into the message - // field. The message needs decoded as JSON. - var decodeJson = new processor.DecodeJSONFields({ - fields: ["message"], - target: "json", - }); - - // Set @timetamp the LogEntry's timestamp. - var parseTimestamp = new processor.Timestamp({ - field: "json.timestamp", - timezone: "UTC", - layouts: ["2006-01-02T15:04:05.999999999Z07:00"], - tests: ["2019-06-14T03:50:10.845445834Z"], - ignore_missing: true, - }); - - var saveOriginalMessage = function(evt) {}; - if (keep_original_message) { - saveOriginalMessage = new processor.Convert({ - fields: [ - {from: "message", to: "event.original"} - ], - mode: "rename" - }); - } - - var dropPubSubFields = function(evt) { - evt.Delete("message"); - }; - - var saveMetadata = new processor.Convert({ - fields: [ - {from: "json.logName", to: "log.logger"}, - {from: "json.insertId", to: "event.id"}, - ], - ignore_missing: true - }); - - // Use the monitored resource type's labels to set the cloud metadata. - // The labels can vary based on the resource.type. - // https://cloud.google.com/logging/docs/reference/v2/rest/v2/MonitoredResource - var setCloudMetadata = new processor.Convert({ - fields: [ - { - from: "json.resource.labels.project_id", - to: "cloud.project.id", - type: "string" - }, - { - from: "json.resource.labels.instance_id", - to: "cloud.instance.id", - type: "string" - } - ], - ignore_missing: true, - fail_on_error: false, - }); - - // The log includes a protoPayload field. 
- // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry - var convertLogEntry = new processor.Convert({ - fields: [ - {from: "json.protoPayload", to: "json"}, - ], - mode: "rename", - }); - - // The LogEntry's protoPayload is moved to the json field. The protoPayload - // contains the structured audit log fields. - // https://cloud.google.com/logging/docs/reference/audit/auditlog/rest/Shared.Types/AuditLog - var convertProtoPayload = new processor.Convert({ - fields: [ - { - from: "json.@type", - to: "googlecloud.audit.type", - type: "string" - }, - { - from: "json.authenticationInfo.principalEmail", - to: "googlecloud.audit.authentication_info.principal_email", - type: "string" - }, - { - from: "json.authenticationInfo.authoritySelector", - to: "googlecloud.audit.authentication_info.authority_selector", - type: "string" - }, - { - from: "json.authorizationInfo", - to: "googlecloud.audit.authorization_info" - // Type is an array of objects. - }, - { - from: "json.methodName", - to: "googlecloud.audit.method_name", - type: "string", - }, - { - from: "json.numResponseItems", - to: "googlecloud.audit.num_response_items", - type: "long" - }, - { - from: "json.request.@type", - to: "googlecloud.audit.request.proto_name", - type: "string" - }, - // The values in the request object will depend on the proto type. - // So be very careful about making any assumptions about data shape. 
- { - from: "json.request.filter", - to: "googlecloud.audit.request.filter", - type: "string" - }, - { - from: "json.request.name", - to: "googlecloud.audit.request.name", - type: "string" - }, - { - from: "json.request.resourceName", - to: "googlecloud.audit.request.resource_name", - type: "string" - }, - { - from: "json.requestMetadata.callerIp", - to: "googlecloud.audit.request_metadata.caller_ip", - type: "ip" - }, - { - from: "json.requestMetadata.callerSuppliedUserAgent", - to: "googlecloud.audit.request_metadata.caller_supplied_user_agent", - type: "string", - }, - { - from: "json.response.@type", - to: "googlecloud.audit.response.proto_name", - type: "string" - }, - // The values in the response object will depend on the proto type. - // So be very careful about making any assumptions about data shape. - { - from: "json.response.status", - to: "googlecloud.audit.response.status", - type: "string" - }, - { - from: "json.response.details.group", - to: "googlecloud.audit.response.details.group", - type: "string" - }, - { - from: "json.response.details.kind", - to: "googlecloud.audit.response.details.kind", - type: "string" - }, - { - from: "json.response.details.name", - to: "googlecloud.audit.response.details.name", - type: "string" - }, - { - from: "json.response.details.uid", - to: "googlecloud.audit.response.details.uid", - type: "string", - }, - { - from: "json.resourceName", - to: "googlecloud.audit.resource_name", - type: "string", - }, - { - from: "json.resourceLocation.currentLocations", - to: "googlecloud.audit.resource_location.current_locations" - // Type is a string array. 
- }, - { - from: "json.serviceName", - to: "googlecloud.audit.service_name", - type: "string", - }, - { - from: "json.status.code", - to: "googlecloud.audit.status.code", - type: "integer", - }, - { - from: "json.status.message", - to: "googlecloud.audit.status.message", - type: "string" - }, - ], - mode: "rename", - ignore_missing: true, - fail_on_error: false, - }); - - // Copy some fields - var copyFields = new processor.Convert({ - fields: [ - { - from: "googlecloud.audit.request_metadata.caller_ip", - to: "source.ip", - type: "ip" - }, - { - from: "googlecloud.audit.authentication_info.principal_email", - to: "user.email", - type: "string" - }, - { - from: "googlecloud.audit.service_name", - to: "service.name", - type: "string" - }, - { - from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", - to: "user_agent.original", - type: "string" - }, - { - from: "googlecloud.audit.method_name", - to: "event.action", - type: "string" - }, - ], - ignore_missing: true, - fail_on_error: false, - }); - - // Drop extra fields - var dropExtraFields = function(evt) { - evt.Delete("json"); - }; - - // Rename nested fields. - var renameNestedFields = function(evt) { - var arr = evt.Get("googlecloud.audit.authorization_info"); - if (Array.isArray(arr)) { - for (var i = 0; i < arr.length; i++) { - if (arr[i].resourceAttributes) { - // Convert to snake_case. - arr[i].resource_attributes = arr[i].resourceAttributes; - delete arr[i].resourceAttributes; - } - } - } - }; - - // Set ECS categorization fields. - var setECSCategorization = function(evt) { - evt.Put("event.kind", "event"); - - // google.rpc.Code value for OK is 0. - if (evt.Get("googlecloud.audit.status.code") === 0) { - evt.Put("event.outcome", "success"); - return; - } - - // Try to use authorization_info.granted when there was no status code. 
- if (evt.Get("googlecloud.audit.status.code") == null) { - var authorization_info = evt.Get("googlecloud.audit.authorization_info"); - if (Array.isArray(authorization_info) && authorization_info.length === 1) { - if (authorization_info[0].granted === true) { - evt.Put("event.outcome", "success"); - } else if (authorization_info[0].granted === false) { - evt.Put("event.outcome", "failure"); - } - return - } - - evt.Put("event.outcome", "unknown"); - return; - } - - evt.Put("event.outcome", "failure"); - }; - - var pipeline = new processor.Chain() - .Add(decodeJson) - .Add(parseTimestamp) - .Add(saveOriginalMessage) - .Add(dropPubSubFields) - .Add(saveMetadata) - .Add(setCloudMetadata) - .Add(convertLogEntry) - .Add(convertProtoPayload) - .Add(copyFields) - .Add(dropExtraFields) - .Add(renameNestedFields) - .Add(setECSCategorization) - .Build(); - - return { - process: pipeline.Run, - }; -} - -var audit; - -// Register params from configuration. -function register(params) { - audit = new Audit(params.keep_original_message); -} - -function process(evt) { - return audit.process(evt); -} diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js b/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js deleted file mode 100644 index b059233ad4f1..000000000000 --- a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js +++ /dev/null 
@@ -1,331 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -var processor = require("processor"); -var console = require("console"); - -// makeMapper({from:field, to:field, default:value mappings:{orig: new, [...]}}) -// -// Processor that sets _to_ field from a mapping of _from_ field's value. -function makeMapper(options) { - return function (evt) { - var key = evt.Get(options.from); - var value = options.default; - if (key in options.mappings) { - value = options.mappings[key]; - } - if (value != null) { - evt.Put(options.to, value); - } - }; -} - -// makeConditional({condition:expr, result1:processor|expr, [...]}) -// -// Processor that selects which processor to run depending on the result of -// evaluating a _condition_. Result can be boolean (if-else equivalent) or any -// other value (switch equivalent). Unspecified values are a no-op. -function makeConditional(options) { - return function (evt) { - var branch = options[options.condition(evt)] || function(evt){}; - return (typeof branch === "function" ? branch : branch.Run)(evt); - }; -} - -// logEvent(msg) -// -// Processor that logs the current value of evt to console.debug. -function makeLogEvent(msg) { - return function (evt) { - console.debug(msg + " :" + JSON.stringify(evt, null, 4)); - }; -} - -// PipelineBuilder to aid debugging of pipelines during development. 
-function PipelineBuilder(pipelineName, debug) { - this.pipeline = new processor.Chain(); - this.add = function (processor) { - this.pipeline = this.pipeline.Add(processor); - }; - this.Add = function (name, processor) { - this.add(processor); - if (debug) { - this.add(makeLogEvent("after " + pipelineName + "/" + name)); - } - }; - this.Build = function () { - if (debug) { - this.add(makeLogEvent(pipelineName + "processing done")); - } - return this.pipeline.Build(); - }; - if (debug) { - this.add(makeLogEvent(pipelineName + ": begin processing event")); - } -} - -function FirewallProcessor(keep_original_message, debug) { - var builder = new PipelineBuilder("firewall", debug); - - // The pub/sub input writes the Stackdriver LogEntry object into the message - // field. The message needs decoded as JSON. - builder.Add("decodeJson", new processor.DecodeJSONFields({ - fields: ["message"], - target: "json" - })); - - // Set @timestamp to the LogEntry's timestamp. - builder.Add("parseTimestamp", new processor.Timestamp({ - field: "json.timestamp", - timezone: "UTC", - layouts: ["2006-01-02T15:04:05.999999999Z07:00"], - tests: ["2019-06-14T03:50:10.845445834Z"], - ignore_missing: true - })); - - if (keep_original_message) { - builder.Add("saveOriginalMessage", new processor.Convert({ - fields: [ - {from: "message", to: "event.original"} - ], - mode: "rename" - })); - } - - builder.Add("dropPubSubFields", function(evt) { - evt.Delete("message"); - evt.Delete("labels"); - }); - - builder.Add("categorizeEvent", new processor.AddFields({ - target: "event", - fields: { - kind: "event", - category: "network", - type: "connection", - action: "firewall-rule" - }, - })); - - builder.Add("saveMetadata", new processor.Convert({ - fields: [ - {from: "json.logName", to: "log.logger"}, - {from: "json.resource.labels.subnetwork_name", to: "network.name"}, - {from: "json.insertId", to: "event.id"} - ], - ignore_missing: true - })); - - // Firewall logs are structured so the LogEntry 
includes a jsonPayload field. - // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry - // The LogEntry's jsonPayload is moved to the json field. The jsonPayload - // contains the structured VPC flow log fields. - builder.Add("convertLogEntry", new processor.Convert({ - fields: [ - {from: "json.jsonPayload", to: "json"}, - ], - mode: "rename" - })); - - builder.Add("addType", function(evt) { - var disp = evt.Get("json.disposition"); - if (disp != null) { - evt.AppendTo("event.type", disp.toLowerCase()); - } - }); - - builder.Add("addDirection", makeMapper({ - from: "json.rule_details.direction", - to: "network.direction", - mappings: { - INGRESS: "inbound", - EGRESS: "outbound" - }, - default: "unknown" - })); - - builder.Add("conditionalRename", makeConditional({ - condition: function(evt) { - return evt.Get("json.rule_details.direction"); - }, - EGRESS: processor.Convert({ - fields: [ - {from: "json.vpc", to: "json.src_vpc"}, - {from: "json.instance", to: "json.src_instance"}, - {from: "json.location", to: "json.src_location"}, - {from: "json.remote_vpc", to: "json.dest_vpc"}, - {from: "json.remote_instance", to: "json.dest_instance"}, - {from: "json.remote_location", to: "json.dest_location"} - ], - mode: "rename", - fail_on_error: false, - ignore_missing: true - }), - - INGRESS: processor.Convert({ - fields: [ - {from: "json.vpc", to: "json.dest_vpc"}, - {from: "json.instance", to: "json.dest_instance"}, - {from: "json.location", to: "json.dest_location"}, - {from: "json.remote_vpc", to: "json.src_vpc"}, - {from: "json.remote_instance", to: "json.src_instance"}, - {from: "json.remote_location", to: "json.src_location"} - ], - mode: "rename", - fail_on_error: false, - ignore_missing: true - }) - })); - - // Set network.iana_number from connection.protocol, converting it to long - // and ignoring the failure if it's not numeric. 
- builder.Add("ianaNumber", new processor.Convert({ - fields: [{ - from: "json.connection.protocol", - to: "network.iana_number", - type: "long" - }], - fail_on_error: false - })); - - // Set network.transport from iana_number. GCP Firewall only supports - // logging of tcp and udp connections, added icmp just in case as it's the - // other protocol supported by firewall rules. - builder.Add("transportFromIANA", makeMapper({ - from: "network.iana_number", - to: "network.transport", - mappings: { - 1: "icmp", - 6: "tcp", - 17: "udp" - } - })); - - builder.Add("convertJsonPayload", new processor.Convert({ - fields: [ - {from: "json.connection.dest_ip", to: "destination.address"}, - {from: "json.connection.dest_port", to: "destination.port", type: "long"}, - {from: "json.connection.src_ip", to: "source.address"}, - {from: "json.connection.src_port", to: "source.port", type: "long"}, - - {from: "json.src_instance.vm_name", to: "source.domain"}, - {from: "json.dest_instance.vm_name", to: "destination.domain"}, - - {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, - {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, - {from: "json.dest_location.country", to: "destination.geo.country_name"}, - {from: "json.dest_location.region", to: "destination.geo.region_name"}, - {from: "json.dest_location.city", to: "destination.geo.city_name"}, - - {from: "json.src_location.asn", to: "source.as.number", type: "long"}, - {from: "json.src_location.continent", to: "source.geo.continent_name"}, - {from: "json.src_location.country", to: "source.geo.country_name"}, - {from: "json.src_location.region", to: "source.geo.region_name"}, - {from: "json.src_location.city", to: "source.geo.city_name"}, - - {from: "json.dest_instance", to: "googlecloud.destination.instance"}, - {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, - {from: "json.src_instance", to: "googlecloud.source.instance"}, - {from: "json.src_vpc", to: 
"googlecloud.source.vpc"}, - {from: "json.rule_details.reference", to: "rule.name"}, - {from: "json", to: "googlecloud.firewall"}, - ], - mode: "rename", - ignore_missing: true, - fail_on_error: false - })); - - // Delete emtpy object's whose fields have been renamed leaving them childless. - builder.Add("dropEmptyObjects", function (evt) { - evt.Delete("googlecloud.firewall.connection"); - evt.Delete("googlecloud.firewall.dest_location"); - evt.Delete("googlecloud.firewall.disposition"); - evt.Delete("googlecloud.firewall.src_location"); - }); - - // Copy the source/destination.address to source/destination.ip if they are - // valid IP addresses. - builder.Add("copyAddressFields", new processor.Convert({ - fields: [ - {from: "source.address", to: "source.ip", type: "ip"}, - {from: "destination.address", to: "destination.ip", type: "ip"} - ], - fail_on_error: false - })); - - builder.Add("setCloudMetadata", makeConditional({ - condition: function (evt) { - return evt.Get("json.rule_details.direction"); - }, - EGRESS: new processor.Convert({ - fields: [ - {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.source.instance.region", to: "cloud.region"}, - {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"} - ], - ignore_missing: true - }), - - INGRESS: new processor.Convert({ - fields: [ - {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.destination.instance.region", to: "cloud.region"}, - {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, - ], - ignore_missing: true - }) - })); - - builder.Add("communityId", new 
processor.CommunityID({ - fields: { - transport: "network.iana_number" - } - })); - - builder.Add("setInternalDirection", function(event) { - var srcInstance = event.Get("googlecloud.source.instance"); - var destInstance = event.Get("googlecloud.destination.instance"); - if (srcInstance && destInstance) { - event.Put("network.direction", "internal"); - } - }); - - builder.Add("setNetworkType", function(event) { - var ip = event.Get("source.ip"); - if (!ip) { - return; - } - - if (ip.indexOf(".") !== -1) { - event.Put("network.type", "ipv4"); - } else { - event.Put("network.type", "ipv6"); - } - }); - - builder.Add("setRelatedIP", function(event) { - event.AppendTo("related.ip", event.Get("source.ip")); - event.AppendTo("related.ip", event.Get("destination.ip")); - }); - - var chain = builder.Build(); - return { - process: chain.Run - }; -} - -var firewall; - -// Register params from configuration. -function register(params) { - firewall = new FirewallProcessor(params.keep_original_message, params.debug); -} - -function process(evt) { - return firewall.process(evt); -} diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js deleted file mode 100644 index dd7e3e0ea7ed..000000000000 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js +++ /dev/null 
@@ -1,259 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -function VPCFlow(keep_original_message) { - var processor = require("processor"); - - // The pub/sub input writes the Stackdriver LogEntry object into the message - // field. The message needs decoded as JSON. - var decodeJson = new processor.DecodeJSONFields({ - fields: ["message"], - target: "json", - }); - - // Set @timetamp the LogEntry's timestamp. - var parseTimestamp = new processor.Timestamp({ - field: "json.timestamp", - timezone: "UTC", - layouts: ["2006-01-02T15:04:05.999999999Z07:00"], - tests: ["2019-06-14T03:50:10.845445834Z"], - ignore_missing: true, - }); - - var saveOriginalMessage = function(evt) {}; - if (keep_original_message) { - saveOriginalMessage = new processor.Convert({ - fields: [ - {from: "message", to: "event.original"} - ], - mode: "rename" - }); - } - - var dropPubSubFields = function(evt) { - evt.Delete("message"); - evt.Delete("labels"); - }; - - var categorizeEvent = new processor.AddFields({ - target: "event", - fields: { - kind: "event", - category: "network", - type: "connection", - }, - }); - - - var saveMetadata = new processor.Convert({ - fields: [ - {from: "json.logName", to: "log.logger"}, - {from: "json.insertId", to: "event.id"}, - ], - ignore_missing: true - }); - - // Use the LogEntry object's timestamp. VPC flow logs are structured so the - // LogEntry includes a jsonPayload field. - // https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry - var convertLogEntry = new processor.Convert({ - fields: [ - {from: "json.jsonPayload", to: "json"}, - ], - mode: "rename", - }); - - // The LogEntry's jsonPayload is moved to the json field. The jsonPayload - // contains the structured VPC flow log fields. 
- // https://cloud.google.com/vpc/docs/using-flow-logs#record_format - var convertJsonPayload = new processor.Convert({ - fields: [ - {from: "json.connection.dest_ip", to: "destination.address"}, - {from: "json.connection.dest_port", to: "destination.port", type: "long"}, - {from: "json.connection.protocol", to: "network.iana_number", type: "string"}, - {from: "json.connection.src_ip", to: "source.address"}, - {from: "json.connection.src_port", to: "source.port", type: "long"}, - - {from: "json.src_instance.vm_name", to: "source.domain"}, - {from: "json.dest_instance.vm_name", to: "destination.domain"}, - - {from: "json.bytes_sent", to: "source.bytes", type: "long"}, - {from: "json.packets_sent", to: "source.packets", type: "long"}, - - {from: "json.start_time", to: "event.start"}, - {from: "json.end_time", to: "event.end"}, - - {from: "json.dest_location.asn", to: "destination.as.number", type: "long"}, - {from: "json.dest_location.continent", to: "destination.geo.continent_name"}, - {from: "json.dest_location.country", to: "destination.geo.country_name"}, - {from: "json.dest_location.region", to: "destination.geo.region_name"}, - {from: "json.dest_location.city", to: "destination.geo.city_name"}, - - {from: "json.src_location.asn", to: "source.as.number", type: "long"}, - {from: "json.src_location.continent", to: "source.geo.continent_name"}, - {from: "json.src_location.country", to: "source.geo.country_name"}, - {from: "json.src_location.region", to: "source.geo.region_name"}, - {from: "json.src_location.city", to: "source.geo.city_name"}, - - {from: "json.dest_instance", to: "googlecloud.destination.instance"}, - {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, - {from: "json.src_instance", to: "googlecloud.source.instance"}, - {from: "json.src_vpc", to: "googlecloud.source.vpc"}, - - {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"}, - {from: "json", to: "googlecloud.vpcflow"}, - ], - mode: "rename", - ignore_missing: true, - }); - - // 
Delete emtpy object's whose fields have been renamed leaving them childless. - var dropEmptyObjects = function (evt) { - evt.Delete("googlecloud.vpcflow.connection"); - evt.Delete("googlecloud.vpcflow.dest_location"); - evt.Delete("googlecloud.vpcflow.src_location"); - }; - - // Copy the source/destination.address to source/destination.ip if they are - // valid IP addresses. - var copyAddressFields = new processor.Convert({ - fields: [ - {from: "source.address", to: "source.ip", type: "ip"}, - {from: "destination.address", to: "destination.ip", type: "ip"}, - ], - fail_on_error: false, - }); - - var setCloudFromDestInstance = new processor.Convert({ - fields: [ - {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.destination.instance.region", to: "cloud.region"}, - {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, - ], - ignore_missing: true, - }); - - var setCloudFromSrcInstance = new processor.Convert({ - fields: [ - {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.source.instance.region", to: "cloud.region"}, - {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"}, - ], - ignore_missing: true, - }); - - // Set the cloud metadata fields based on the instance that reported the - // event. 
- var setCloudMetadata = function(evt) { - var reporter = evt.Get("googlecloud.vpcflow.reporter"); - - if (reporter === "DEST") { - setCloudFromDestInstance.Run(evt); - } else if (reporter === "SRC") { - setCloudFromSrcInstance.Run(evt); - } - }; - - var communityId = new processor.CommunityID({ - fields: { - transport: "network.iana_number", - } - }); - - // VPC flows are unidirectional so we only have to worry about copy the - // source.bytes/packets over to network.bytes/packets. - var setNetworkBytesPackets = new processor.Convert({ - fields: [ - {from: "source.bytes", to: "network.bytes"}, - {from: "source.packets", to: "network.packets"}, - ], - ignore_missing: true, - }); - - // VPC flow logs are reported for TCP and UDP traffic only so handle these - // protocols' IANA numbers. - var setNetworkTransport = function(event) { - var ianaNumber = event.Get("network.iana_number"); - switch (ianaNumber) { - case "6": - event.Put("network.transport", "tcp"); - break; - case "17": - event.Put("network.transport", "udp"); - break; - } - }; - - var setNetworkDirection = function(event) { - var srcInstance = event.Get("googlecloud.source.instance"); - var destInstance = event.Get("googlecloud.destination.instance"); - var direction = "unknown"; - - if (srcInstance && destInstance) { - direction = "internal"; - } else if (srcInstance) { - direction = "outbound"; - } else if (destInstance) { - direction = "inbound"; - } - event.Put("network.direction", direction); - }; - - var setNetworkType = function(event) { - var ip = event.Get("source.ip"); - if (!ip) { - return; - } - - if (ip.indexOf(".") !== -1) { - event.Put("network.type", "ipv4"); - } else { - event.Put("network.type", "ipv6"); - } - }; - - var setRelatedIP = function(event) { - event.AppendTo("related.ip", event.Get("source.ip")); - event.AppendTo("related.ip", event.Get("destination.ip")); - }; - - var pipeline = new processor.Chain() - .Add(decodeJson) - .Add(parseTimestamp) - .Add(saveOriginalMessage) - 
.Add(dropPubSubFields) - .Add(categorizeEvent) - .Add(saveMetadata) - .Add(convertLogEntry) - .Add(convertJsonPayload) - .Add(dropEmptyObjects) - .Add(copyAddressFields) - .Add(setCloudMetadata) - .Add(communityId) - .Add(setNetworkBytesPackets) - .Add(setNetworkTransport) - .Add(setNetworkDirection) - .Add(setNetworkType) - .Add(setRelatedIP) - .Build(); - - return { - process: pipeline.Run, - }; -} - -var vpcflow; - -// Register params from configuration. -function register(params) { - vpcflow = new VPCFlow(params.keep_original_message); -} - -function process(evt) { - return vpcflow.process(evt); -} diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/googlecloud.yml.disabled index 9bf81802677a..6f3e6b53e21d 100644 --- a/x-pack/filebeat/modules.d/googlecloud.yml.disabled +++ b/x-pack/filebeat/modules.d/googlecloud.yml.disabled @@ -1,7 +1,8 @@ # Module: googlecloud # Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-googlecloud.html -- module: googlecloud +# googlecloud module is deprecated, please use gcp instead +- module: gcp vpcflow: enabled: true @@ -10,11 +11,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. 
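Review bot: The new defaults in this file (`var.topic: gcp-vpc-flowlogs`, `var.subscription_name: filebeat-gcp-vpc-flowlogs-sub`, and the matching firewall and audit values in the two later hunks) no longer match the names an existing `googlecloud` deployment would have set up, and nothing in the file says so. The context comments state that Filebeat creates the subscription if it does not exist, so an operator who picks up these defaults would presumably start reading from a new, empty subscription, or from a topic with no sink behind it, and audit, firewall and flow-log collection could stop without an error. I would keep the old names in this deprecated file, or add above each value a comment such as `# Renamed from googlecloud-*; keep your existing topic and subscription names when migrating.` The header still reads `# Module: googlecloud` and links to the googlecloud docs while the entry is now `- module: gcp`; if a `gcp.yml` is enabled alongside this file, the same filesets would apparently be configured twice, so the deprecation comment should say which file to enable. Separately, the audit section's context comment still says `Google Pub/Sub topic containing firewall logs`, where `audit logs` is meant.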
@@ -28,11 +29,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -46,11 +47,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. From fb1c560d3febe69bac0ef930e3fca331ec4ee711 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Sun, 8 Nov 2020 16:15:06 -0700 Subject: [PATCH 08/14] update fields.yml --- filebeat/docs/fields.asciidoc | 18 ++-- x-pack/filebeat/module/gcp/_meta/fields.yml | 110 ++++++++++---------- x-pack/filebeat/module/gcp/fields.go | 2 +- 3 files changed, 65 insertions(+), 65 deletions(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index f700963e0469..ce3185b73265 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -68624,7 +68624,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`gcp.destination.instance.destination.vpc.project_id`*:: +*`gcp.destination.vpc.project_id`*:: + -- ID of the project containing the VM. 
@@ -68634,7 +68634,7 @@ type: keyword -- -*`gcp.destination.instance.destination.vpc.vpc_name`*:: +*`gcp.destination.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -68644,7 +68644,7 @@ type: keyword -- -*`gcp.destination.instance.destination.vpc.subnetwork_name`*:: +*`gcp.destination.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -68661,7 +68661,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`gcp.destination.instance.source.instance.project_id`*:: +*`gcp.source.instance.project_id`*:: + -- ID of the project containing the VM. @@ -68671,7 +68671,7 @@ type: keyword -- -*`gcp.destination.instance.source.instance.region`*:: +*`gcp.source.instance.region`*:: + -- Region of the VM. @@ -68681,7 +68681,7 @@ type: keyword -- -*`gcp.destination.instance.source.instance.zone`*:: +*`gcp.source.instance.zone`*:: + -- Zone of the VM. @@ -68698,7 +68698,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`gcp.destination.instance.source.vpc.project_id`*:: +*`gcp.source.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -68708,7 +68708,7 @@ type: keyword -- -*`gcp.destination.instance.source.vpc.vpc_name`*:: +*`gcp.source.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -68718,7 +68718,7 @@ type: keyword -- -*`gcp.destination.instance.source.vpc.subnetwork_name`*:: +*`gcp.source.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. diff --git a/x-pack/filebeat/module/gcp/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml index 9932eb26c501..4523faf4bf20 100644 --- a/x-pack/filebeat/module/gcp/_meta/fields.yml +++ b/x-pack/filebeat/module/gcp/_meta/fields.yml 
@@ -84,69 +84,69 @@ description: > Zone of the VM. - - name: destination.vpc - type: group + - name: destination.vpc + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword description: > - If the destination of the connection was a VM located on the same VPC, - this field is populated with VPC network details. In a Shared VPC - configuration, project_id corresponds to that of the host project. - fields: - - name: project_id - type: keyword - description: > - ID of the project containing the VM. + ID of the project containing the VM. - - name: vpc_name - type: keyword - description: > - VPC on which the VM is operating. + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. - - name: subnetwork_name - type: keyword - description: > - Subnetwork on which the VM is operating. + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. - - name: source.instance - type: group + - name: source.instance + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword description: > - If the source of the connection was a VM located on the same VPC, this - field is populated with VM instance details. In a Shared VPC - configuration, project_id corresponds to the project that owns the - instance, usually the service project. - fields: - - name: project_id - type: keyword - description: > - ID of the project containing the VM. + ID of the project containing the VM. 
- - name: region - type: keyword - description: > - Region of the VM. + - name: region + type: keyword + description: > + Region of the VM. - - name: zone - type: keyword - description: > - Zone of the VM. + - name: zone + type: keyword + description: > + Zone of the VM. - - name: source.vpc - type: group + - name: source.vpc + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword description: > - If the source of the connection was a VM located on the same VPC, this - field is populated with VPC network details. In a Shared VPC - configuration, project_id corresponds to that of the host project. - fields: - - name: project_id - type: keyword - description: > - ID of the project containing the VM. + ID of the project containing the VM. - - name: vpc_name - type: keyword - description: > - VPC on which the VM is operating. + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. - - name: subnetwork_name - type: keyword - description: > - Subnetwork on which the VM is operating. + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. diff --git a/x-pack/filebeat/module/gcp/fields.go b/x-pack/filebeat/module/gcp/fields.go index 1d5b3955227d..7395b207f5e9 100644 --- a/x-pack/filebeat/module/gcp/fields.go +++ b/x-pack/filebeat/module/gcp/fields.go @@ -19,5 +19,5 @@ func init() { // AssetGcp returns asset data. // This is the base64 encoded gzipped contents of module/gcp. func AssetGcp() string { - return "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" + return "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" } From de9a95344a53cb2875797e81b6e44ffda3b06c44 Mon Sep 17 00:00:00 2001 
From: kaiyan-sheng Date: Mon, 9 Nov 2020 08:45:46 -0700 Subject: [PATCH 09/14] remove docs/modules/googlecloud.asciidoc --- filebeat/docs/modules/googlecloud.asciidoc | 174 ------------------ x-pack/filebeat/module/gcp/audit/manifest.yml | 2 +- .../filebeat/module/gcp/firewall/manifest.yml | 2 +- .../filebeat/module/gcp/vpcflow/manifest.yml | 2 +- 4 files changed, 3 insertions(+), 177 deletions(-) delete mode 100644 filebeat/docs/modules/googlecloud.asciidoc diff --git a/filebeat/docs/modules/googlecloud.asciidoc b/filebeat/docs/modules/googlecloud.asciidoc deleted file mode 100644 index bc0e62e93b85..000000000000 --- a/filebeat/docs/modules/googlecloud.asciidoc +++ /dev/null 
@@ -1,174 +0,0 @@ -//// -This file is generated! See scripts/docs_collector.py -//// - -[[filebeat-module-googlecloud]] -[role="xpack"] - -:modulename: googlecloud -:has-dashboards: false - -== Google Cloud module - - -This is a module for Google Cloud logs. It supports reading audit, VPC flow, -and firewall logs that have been exported from Stackdriver to a -Google Pub/Sub topic sink. - -include::../include/what-happens.asciidoc[] - -include::../include/gs-link.asciidoc[] - -include::../include/configuring-intro.asciidoc[] - -:fileset_ex: audit - -include::../include/config-option-intro.asciidoc[] - -[float] -==== `audit` fileset settings - -[role="screenshot"] -image::./images/filebeat-googlecloud-audit.png[] - -Example config: - -[source,yaml] ----- -- module: googlecloud - audit: - enabled: true - var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-audit - var.subscription_name: filebeat-googlecloud-audit-sub - var.credentials_file: ${path.config}/gcp-service-account-xyz.json - var.keep_original_message: false ----- - -include::../include/var-paths.asciidoc[] - -*`var.project_id`*:: - -Google Cloud project ID. - -*`var.topic`*:: - -Google Cloud Pub/Sub topic name. - -*`var.subscription_name`*:: - -Google Cloud Pub/Sub topic subscription name. If the subscription does not -exist it will be created. - -*`var.credentials_file`*:: - -Path to a JSON file containing the credentials and key used to subscribe. - -*`var.keep_original_message`*:: - -Flag to control whether the original message is stored in the `log.original` -field. Defaults to `false`, meaning the original message is not saved. 
- -:fileset_ex!: - -:fileset_ex: vpcflow - -[float] -==== `vpcflow` fileset settings - -Example config: - -[source,yaml] ----- -- module: googlecloud - vpcflow: - enabled: true - var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-flowlogs - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub - var.credentials_file: ${path.config}/gcp-service-account-xyz.json - var.keep_original_message: false ----- - -include::../include/var-paths.asciidoc[] - -*`var.project_id`*:: - -Google Cloud project ID. - -*`var.topic`*:: - -Google Cloud Pub/Sub topic name. - -*`var.subscription_name`*:: - -Google Cloud Pub/Sub topic subscription name. If the subscription does not -exist it will be created. - -*`var.credentials_file`*:: - -Path to a JSON file containing the credentials and key used to subscribe. - -*`var.keep_original_message`*:: - -Flag to control whether the original message is stored in the `log.original` -field. Defaults to `false`, meaning the original message is not saved. - -:fileset_ex!: - -:fileset_ex: firewall - -[float] -==== `firewall` fileset settings - -Example config: - -[source,yaml] ----- -- module: googlecloud - firewall: - enabled: true - var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-firewall - var.subscription_name: filebeat-googlecloud-vpc-firewall-sub - var.credentials_file: ${path.config}/gcp-service-account-xyz.json - var.keep_original_message: false ----- - -include::../include/var-paths.asciidoc[] - -*`var.project_id`*:: - -Google Cloud project ID. - -*`var.topic`*:: - -Google Cloud Pub/Sub topic name. - -*`var.subscription_name`*:: - -Google Cloud Pub/Sub topic subscription name. If the subscription does not -exist it will be created. - -*`var.credentials_file`*:: - -Path to a JSON file containing the credentials and key used to subscribe. - -*`var.keep_original_message`*:: - -Flag to control whether the original message is stored in the `log.original` -field. 
Defaults to `false`, meaning the original message is not saved. - -:has-dashboards!: - -:fileset_ex!: - -:modulename!: - - -[float] -=== Fields - -For a description of each field in the module, see the -<> section. - diff --git a/x-pack/filebeat/module/gcp/audit/manifest.yml b/x-pack/filebeat/module/gcp/audit/manifest.yml index cacba81ad711..15950fd85a11 100644 --- a/x-pack/filebeat/module/gcp/audit/manifest.yml +++ b/x-pack/filebeat/module/gcp/audit/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-audit - name: subscription_name - default: filebeat-googlecloud-audit + default: filebeat-gcp-audit - name: credentials_file - name: credentials_json - name: keep_original_message diff --git a/x-pack/filebeat/module/gcp/firewall/manifest.yml b/x-pack/filebeat/module/gcp/firewall/manifest.yml index 6563173197f4..72c182147abb 100644 --- a/x-pack/filebeat/module/gcp/firewall/manifest.yml +++ b/x-pack/filebeat/module/gcp/firewall/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-firewall - name: subscription_name - default: filebeat-googlecloud-firewall + default: filebeat-gcp-firewall - name: credentials_file - name: credentials_json - name: debug diff --git a/x-pack/filebeat/module/gcp/vpcflow/manifest.yml b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml index 3ddb0800223a..71048699be9a 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/manifest.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-vpcflow - name: subscription_name - default: filebeat-googlecloud-vpcflow + default: filebeat-gcp-vpcflow - name: credentials_file - name: credentials_json - name: keep_original_message From e203b548b03f0aef8eb9d631a04a2939b6d8ce1b Mon Sep 17 00:00:00 2001 
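Review bot: Changing the `subscription_name` default from `filebeat-googlecloud-audit` to `filebeat-gcp-audit` silently moves every deployment that relied on the default onto a different Pub/Sub subscription after upgrade; the firewall and vpcflow manifests in the next two hunks make the same change. The module documentation deleted earlier in this patch says a missing subscription is created, so the input would presumably start reading from a fresh subscription while messages still queued on the old one are never consumed. That leaves a gap in audit, firewall and flow-log ingestion plus an orphaned subscription. Either keep the old defaults, or mark the change as breaking in the changelog and tell operators to pin the previous name, e.g. `var.subscription_name: filebeat-googlecloud-audit`, until the backlog is drained.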
From: kaiyan-sheng Date: Tue, 10 Nov 2020 17:43:43 -0700 Subject: [PATCH 10/14] change field name back to googlecloud --- filebeat/docs/fields.asciidoc | 211 +- x-pack/filebeat/module/gcp/_meta/fields.yml | 53 - .../module/gcp/audit/config/pipeline.js | 64 +- .../audit-log-entries.json.log-expected.json | 166 +- x-pack/filebeat/module/gcp/fields.go | 2 +- .../module/gcp/firewall/config/pipeline.js | 44 +- .../gcp/firewall/test/rare.log-expected.json | 72 +- .../gcp/firewall/test/test.log-expected.json | 540 ++-- .../module/gcp/vpcflow/config/pipeline.js | 42 +- ...pc-flow-log-entries.json.log-expected.json | 2244 ++++++++--------- 10 files changed, 1635 insertions(+), 1803 deletions(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index ce3185b73265..14ed69323931 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc 
@@ -68461,121 +68461,6 @@ Module for handling logs from Google Cloud. [float] === googlecloud -Aliases for backward compatibility with old googlecloud fields - - - -*`googlecloud.destination.instance.project_id`*:: -+ --- -type: alias - -alias to: gcp.destination.instance.project_id - --- - -*`googlecloud.destination.instance.region`*:: -+ --- -type: alias - -alias to: gcp.destination.instance.region - --- - -*`googlecloud.destination.instance.zone`*:: -+ --- -type: alias - -alias to: gcp.destination.instance.zone - --- - -*`googlecloud.destination.vpc.project_id`*:: -+ --- -type: alias - -alias to: gcp.destination.vpc.project_id - --- - -*`googlecloud.destination.vpc.vpc_name`*:: -+ --- -type: alias - -alias to: gcp.destination.vpc.vpc_name - --- - -*`googlecloud.destination.vpc.subnetwork_name`*:: -+ --- -type: alias - -alias to: gcp.destination.vpc.subnetwork_name - --- - -*`googlecloud.source.instance.project_id`*:: -+ --- -type: alias - -alias to: gcp.source.instance.project_id - --- - -*`googlecloud.source.instance.region`*:: -+ --- -type: alias - -alias to: gcp.source.instance.region - --- - -*`googlecloud.source.instance.zone`*:: -+ --- -type: alias - -alias to: gcp.source.instance.zone - --- - -*`googlecloud.source.vpc.project_id`*:: -+ --- -type: alias - -alias to: gcp.source.vpc.project_id - --- - -*`googlecloud.source.vpc.vpc_name`*:: -+ --- -type: alias - -alias to: gcp.source.vpc.vpc_name - --- - -*`googlecloud.source.vpc.subnetwork_name`*:: -+ --- -type: alias - -alias to: gcp.source.vpc.subnetwork_name - --- - -[float] -=== gcp - Fields from Google Cloud logs. @@ -68587,7 +68472,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`gcp.destination.instance.project_id`*:: +*`googlecloud.destination.instance.project_id`*:: + -- ID of the project containing the VM. @@ -68597,7 +68482,7 @@ type: keyword -- -*`gcp.destination.instance.region`*:: +*`googlecloud.destination.instance.region`*:: + -- Region of the VM. 
@@ -68607,7 +68492,7 @@ type: keyword -- -*`gcp.destination.instance.zone`*:: +*`googlecloud.destination.instance.zone`*:: + -- Zone of the VM. @@ -68624,7 +68509,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`gcp.destination.vpc.project_id`*:: +*`googlecloud.destination.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -68634,7 +68519,7 @@ type: keyword -- -*`gcp.destination.vpc.vpc_name`*:: +*`googlecloud.destination.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -68644,7 +68529,7 @@ type: keyword -- -*`gcp.destination.vpc.subnetwork_name`*:: +*`googlecloud.destination.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -68661,7 +68546,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`gcp.source.instance.project_id`*:: +*`googlecloud.source.instance.project_id`*:: + -- ID of the project containing the VM. @@ -68671,7 +68556,7 @@ type: keyword -- -*`gcp.source.instance.region`*:: +*`googlecloud.source.instance.region`*:: + -- Region of the VM. @@ -68681,7 +68566,7 @@ type: keyword -- -*`gcp.source.instance.zone`*:: +*`googlecloud.source.instance.zone`*:: + -- Zone of the VM. @@ -68698,7 +68583,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`gcp.source.vpc.project_id`*:: +*`googlecloud.source.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -68708,7 +68593,7 @@ type: keyword -- -*`gcp.source.vpc.vpc_name`*:: +*`googlecloud.source.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -68718,7 +68603,7 @@ type: keyword -- -*`gcp.source.vpc.subnetwork_name`*:: +*`googlecloud.source.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -68735,7 +68620,7 @@ Fields for Google Cloud audit logs. -*`gcp.audit.type`*:: +*`googlecloud.audit.type`*:: + -- Type property. 
@@ -68752,7 +68637,7 @@ Authentication information. -*`gcp.audit.authentication_info.principal_email`*:: +*`googlecloud.audit.authentication_info.principal_email`*:: + -- The email address of the authenticated user making the request. @@ -68762,7 +68647,7 @@ type: keyword -- -*`gcp.audit.authentication_info.authority_selector`*:: +*`googlecloud.audit.authentication_info.authority_selector`*:: + -- The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. @@ -68772,7 +68657,7 @@ type: keyword -- -*`gcp.audit.authorization_info`*:: +*`googlecloud.audit.authorization_info`*:: + -- Authorization information for the operation. @@ -68782,7 +68667,7 @@ type: array -- -*`gcp.audit.method_name`*:: +*`googlecloud.audit.method_name`*:: + -- The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. @@ -68792,7 +68677,7 @@ type: keyword -- -*`gcp.audit.num_response_items`*:: +*`googlecloud.audit.num_response_items`*:: + -- The number of items returned from a List or Query API method, if applicable. @@ -68809,7 +68694,7 @@ The operation request. -*`gcp.audit.request.proto_name`*:: +*`googlecloud.audit.request.proto_name`*:: + -- Type property of the request. @@ -68819,7 +68704,7 @@ type: keyword -- -*`gcp.audit.request.filter`*:: +*`googlecloud.audit.request.filter`*:: + -- Filter of the request. @@ -68829,7 +68714,7 @@ type: keyword -- -*`gcp.audit.request.name`*:: +*`googlecloud.audit.request.name`*:: + -- Name of the request. @@ -68839,7 +68724,7 @@ type: keyword -- -*`gcp.audit.request.resource_name`*:: +*`googlecloud.audit.request.resource_name`*:: + -- Name of the request resource. @@ -68856,7 +68741,7 @@ Metadata about the request. -*`gcp.audit.request_metadata.caller_ip`*:: +*`googlecloud.audit.request_metadata.caller_ip`*:: + -- The IP address of the caller. 
@@ -68866,7 +68751,7 @@ type: ip -- -*`gcp.audit.request_metadata.caller_supplied_user_agent`*:: +*`googlecloud.audit.request_metadata.caller_supplied_user_agent`*:: + -- The user agent of the caller. This information is not authenticated and should be treated accordingly. @@ -68883,7 +68768,7 @@ The operation response. -*`gcp.audit.response.proto_name`*:: +*`googlecloud.audit.response.proto_name`*:: + -- Type property of the response. @@ -68900,7 +68785,7 @@ The details of the response. -*`gcp.audit.response.details.group`*:: +*`googlecloud.audit.response.details.group`*:: + -- The name of the group. @@ -68910,7 +68795,7 @@ type: keyword -- -*`gcp.audit.response.details.kind`*:: +*`googlecloud.audit.response.details.kind`*:: + -- The kind of the response details. @@ -68920,7 +68805,7 @@ type: keyword -- -*`gcp.audit.response.details.name`*:: +*`googlecloud.audit.response.details.name`*:: + -- The name of the response details. @@ -68930,7 +68815,7 @@ type: keyword -- -*`gcp.audit.response.details.uid`*:: +*`googlecloud.audit.response.details.uid`*:: + -- The uid of the response details. @@ -68940,7 +68825,7 @@ type: keyword -- -*`gcp.audit.response.status`*:: +*`googlecloud.audit.response.status`*:: + -- Status of the response. @@ -68950,7 +68835,7 @@ type: keyword -- -*`gcp.audit.resource_name`*:: +*`googlecloud.audit.resource_name`*:: + -- The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. @@ -68967,7 +68852,7 @@ The location of the resource. -*`gcp.audit.resource_location.current_locations`*:: +*`googlecloud.audit.resource_location.current_locations`*:: + -- Current locations of the resource. @@ -68977,7 +68862,7 @@ type: keyword -- -*`gcp.audit.service_name`*:: +*`googlecloud.audit.service_name`*:: + -- The name of the API service performing the operation. For example, datastore.googleapis.com. 
@@ -68994,7 +68879,7 @@ The status of the overall operation. -*`gcp.audit.status.code`*:: +*`googlecloud.audit.status.code`*:: + -- The status code, which should be an enum value of google.rpc.Code. @@ -69004,7 +68889,7 @@ type: integer -- -*`gcp.audit.status.message`*:: +*`googlecloud.audit.status.message`*:: + -- A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. @@ -69028,7 +68913,7 @@ Description of the firewall rule that matched this connection. -*`gcp.firewall.rule_details.priority`*:: +*`googlecloud.firewall.rule_details.priority`*:: + -- The priority for the firewall rule. @@ -69037,7 +68922,7 @@ type: long -- -*`gcp.firewall.rule_details.action`*:: +*`googlecloud.firewall.rule_details.action`*:: + -- Action that the rule performs on match. @@ -69046,7 +68931,7 @@ type: keyword -- -*`gcp.firewall.rule_details.direction`*:: +*`googlecloud.firewall.rule_details.direction`*:: + -- Direction of traffic that matches this rule. @@ -69055,7 +68940,7 @@ type: keyword -- -*`gcp.firewall.rule_details.reference`*:: +*`googlecloud.firewall.rule_details.reference`*:: + -- Reference to the firewall rule. @@ -69064,7 +68949,7 @@ type: keyword -- -*`gcp.firewall.rule_details.source_range`*:: +*`googlecloud.firewall.rule_details.source_range`*:: + -- List of source ranges that the firewall rule applies to. @@ -69073,7 +68958,7 @@ type: keyword -- -*`gcp.firewall.rule_details.destination_range`*:: +*`googlecloud.firewall.rule_details.destination_range`*:: + -- List of destination ranges that the firewall applies to. @@ -69082,7 +68967,7 @@ type: keyword -- -*`gcp.firewall.rule_details.source_tag`*:: +*`googlecloud.firewall.rule_details.source_tag`*:: + -- List of all the source tags that the firewall rule applies to. 
@@ -69092,7 +68977,7 @@ type: keyword -- -*`gcp.firewall.rule_details.target_tag`*:: +*`googlecloud.firewall.rule_details.target_tag`*:: + -- List of all the target tags that the firewall rule applies to. @@ -69102,7 +68987,7 @@ type: keyword -- -*`gcp.firewall.rule_details.ip_port_info`*:: +*`googlecloud.firewall.rule_details.ip_port_info`*:: + -- List of ip protocols and applicable port ranges for rules. @@ -69112,7 +68997,7 @@ type: array -- -*`gcp.firewall.rule_details.source_service_account`*:: +*`googlecloud.firewall.rule_details.source_service_account`*:: + -- List of all the source service accounts that the firewall rule applies to. @@ -69122,7 +69007,7 @@ type: keyword -- -*`gcp.firewall.rule_details.target_service_account`*:: +*`googlecloud.firewall.rule_details.target_service_account`*:: + -- List of all the target service accounts that the firewall rule applies to. @@ -69139,7 +69024,7 @@ Fields for Google Cloud VPC flow logs. -*`gcp.vpcflow.reporter`*:: +*`googlecloud.vpcflow.reporter`*:: + -- The side which reported the flow. Can be either 'SRC' or 'DEST'. @@ -69149,7 +69034,7 @@ type: keyword -- -*`gcp.vpcflow.rtt.ms`*:: +*`googlecloud.vpcflow.rtt.ms`*:: + -- Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. diff --git a/x-pack/filebeat/module/gcp/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml index 4523faf4bf20..f574d666eb77 100644 --- a/x-pack/filebeat/module/gcp/_meta/fields.yml +++ b/x-pack/filebeat/module/gcp/_meta/fields.yml 
@@ -4,59 +4,6 @@ Module for handling logs from Google Cloud. fields: - name: googlecloud - type: group - description: > - Aliases for backward compatibility with old googlecloud fields - fields: - - name: destination.instance.project_id - type: alias - path: gcp.destination.instance.project_id - migration: true - - name: destination.instance.region - type: alias - path: gcp.destination.instance.region - migration: true - - name: destination.instance.zone - type: alias - path: gcp.destination.instance.zone - migration: true - - name: destination.vpc.project_id - type: alias - path: gcp.destination.vpc.project_id - migration: true - - name: destination.vpc.vpc_name - type: alias - path: gcp.destination.vpc.vpc_name - migration: true - - name: destination.vpc.subnetwork_name - type: alias - path: gcp.destination.vpc.subnetwork_name - migration: true - - name: source.instance.project_id - type: alias - path: gcp.source.instance.project_id - migration: true - - name: source.instance.region - type: alias - path: gcp.source.instance.region - migration: true - - name: source.instance.zone - type: alias - path: gcp.source.instance.zone - migration: true - - name: source.vpc.project_id - type: alias - path: gcp.source.vpc.project_id - migration: true - - name: source.vpc.vpc_name - type: alias - path: gcp.source.vpc.vpc_name - migration: true - - name: source.vpc.subnetwork_name - type: alias - path: gcp.source.vpc.subnetwork_name - migration: true - - name: gcp type: group description: > Fields from Google Cloud logs. diff --git a/x-pack/filebeat/module/gcp/audit/config/pipeline.js b/x-pack/filebeat/module/gcp/audit/config/pipeline.js index 878f2b19b8dd..a24bd6219340 100644 --- a/x-pack/filebeat/module/gcp/audit/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/audit/config/pipeline.js 
@@ -79,121 +79,121 @@ function Audit(keep_original_message) { fields: [ { from: "json.@type", - to: "gcp.audit.type", + to: "googlecloud.audit.type", type: "string" }, { from: "json.authenticationInfo.principalEmail", - to: "gcp.audit.authentication_info.principal_email", + to: "googlecloud.audit.authentication_info.principal_email", type: "string" }, { from: "json.authenticationInfo.authoritySelector", - to: "gcp.audit.authentication_info.authority_selector", + to: "googlecloud.audit.authentication_info.authority_selector", type: "string" }, { from: "json.authorizationInfo", - to: "gcp.audit.authorization_info" + to: "googlecloud.audit.authorization_info" // Type is an array of objects. }, { from: "json.methodName", - to: "gcp.audit.method_name", + to: "googlecloud.audit.method_name", type: "string", }, { from: "json.numResponseItems", - to: "gcp.audit.num_response_items", + to: "googlecloud.audit.num_response_items", type: "long" }, { from: "json.request.@type", - to: "gcp.audit.request.proto_name", + to: "googlecloud.audit.request.proto_name", type: "string" }, // The values in the request object will depend on the proto type. // So be very careful about making any assumptions about data shape. 
{ from: "json.request.filter", - to: "gcp.audit.request.filter", + to: "googlecloud.audit.request.filter", type: "string" }, { from: "json.request.name", - to: "gcp.audit.request.name", + to: "googlecloud.audit.request.name", type: "string" }, { from: "json.request.resourceName", - to: "gcp.audit.request.resource_name", + to: "googlecloud.audit.request.resource_name", type: "string" }, { from: "json.requestMetadata.callerIp", - to: "gcp.audit.request_metadata.caller_ip", + to: "googlecloud.audit.request_metadata.caller_ip", type: "ip" }, { from: "json.requestMetadata.callerSuppliedUserAgent", - to: "gcp.audit.request_metadata.caller_supplied_user_agent", + to: "googlecloud.audit.request_metadata.caller_supplied_user_agent", type: "string", }, { from: "json.response.@type", - to: "gcp.audit.response.proto_name", + to: "googlecloud.audit.response.proto_name", type: "string" }, // The values in the response object will depend on the proto type. // So be very careful about making any assumptions about data shape. 
{ from: "json.response.status", - to: "gcp.audit.response.status", + to: "googlecloud.audit.response.status", type: "string" }, { from: "json.response.details.group", - to: "gcp.audit.response.details.group", + to: "googlecloud.audit.response.details.group", type: "string" }, { from: "json.response.details.kind", - to: "gcp.audit.response.details.kind", + to: "googlecloud.audit.response.details.kind", type: "string" }, { from: "json.response.details.name", - to: "gcp.audit.response.details.name", + to: "googlecloud.audit.response.details.name", type: "string" }, { from: "json.response.details.uid", - to: "gcp.audit.response.details.uid", + to: "googlecloud.audit.response.details.uid", type: "string", }, { from: "json.resourceName", - to: "gcp.audit.resource_name", + to: "googlecloud.audit.resource_name", type: "string", }, { from: "json.resourceLocation.currentLocations", - to: "gcp.audit.resource_location.current_locations" + to: "googlecloud.audit.resource_location.current_locations" // Type is a string array. }, { from: "json.serviceName", - to: "gcp.audit.service_name", + to: "googlecloud.audit.service_name", type: "string", }, { from: "json.status.code", - to: "gcp.audit.status.code", + to: "googlecloud.audit.status.code", type: "integer", }, { from: "json.status.message", - to: "gcp.audit.status.message", + to: "googlecloud.audit.status.message", type: "string" }, ], 
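Review bot: The `json.response.status` entry converts with `type: "string"` although the comment directly above it warns that the response shape depends on the proto type. The expected output for the Kubernetes SubjectAccessReview event in audit-log-entries.json.log-expected.json shows the effect: `googlecloud.audit.response.status` holds `map[allowed:true reason:RBAC: ...]`, which looks like a Go map rendering of an object rather than a status string. That value cannot be queried reliably for the authorization decision, and its formatting is an implementation detail, which matters for detections built on this field. Consider copying it only when it is a string, e.g. `var s = evt.Get("json.response.status"); if (typeof s === "string") evt.Put("googlecloud.audit.response.status", s);`, and keeping object-valued statuses under a separate field. The enclosing `Audit` function starts and ends outside this hunk, so where such a step belongs in the processor chain has to be checked against the full file.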
@@ -206,27 +206,27 @@ function Audit(keep_original_message) { var copyFields = new processor.Convert({ fields: [ { - from: "gcp.audit.request_metadata.caller_ip", + from: "googlecloud.audit.request_metadata.caller_ip", to: "source.ip", type: "ip" }, { - from: "gcp.audit.authentication_info.principal_email", + from: "googlecloud.audit.authentication_info.principal_email", to: "user.email", type: "string" }, { - from: "gcp.audit.service_name", + from: "googlecloud.audit.service_name", to: "service.name", type: "string" }, { - from: "gcp.audit.request_metadata.caller_supplied_user_agent", + from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", to: "user_agent.original", type: "string" }, { - from: "gcp.audit.method_name", + from: "googlecloud.audit.method_name", to: "event.action", type: "string" }, @@ -242,7 +242,7 @@ function Audit(keep_original_message) { // Rename nested fields. var renameNestedFields = function(evt) { - var arr = evt.Get("gcp.audit.authorization_info"); + var arr = evt.Get("googlecloud.audit.authorization_info"); if (Array.isArray(arr)) { for (var i = 0; i < arr.length; i++) { if (arr[i].resourceAttributes) { @@ -259,14 +259,14 @@ function Audit(keep_original_message) { evt.Put("event.kind", "event"); // google.rpc.Code value for OK is 0. - if (evt.Get("gcp.audit.status.code") === 0) { + if (evt.Get("googlecloud.audit.status.code") === 0) { evt.Put("event.outcome", "success"); return; } // Try to use authorization_info.granted when there was no status code. - if (evt.Get("gcp.audit.status.code") == null) { - var authorization_info = evt.Get("gcp.audit.authorization_info"); + if (evt.Get("googlecloud.audit.status.code") == null) { + var authorization_info = evt.Get("googlecloud.audit.authorization_info"); if (Array.isArray(authorization_info) && authorization_info.length === 1) { if (authorization_info[0].granted === true) { evt.Put("event.outcome", "success"); 
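Review bot: In the `copyFields` list (hunk at -206,27), `googlecloud.audit.request_metadata.caller_supplied_user_agent` is promoted to `user_agent.original` with nothing marking the value as client-controlled, although the field reference in this same patch states that it "is not authenticated and should be treated accordingly". A short comment on that entry would keep rule and dashboard authors from treating it as a trustworthy signal, for example `// Caller-supplied and unauthenticated: do not use as an identity or allow-list signal.` The list is declared inside `Audit`, whose body starts and ends outside this hunk.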
diff --git a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json index 26abbf7ec804..8b4b2ed642df 100644 --- a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json @@ -9,8 +9,8 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "gcp.audit.authorization_info": [ + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ { "granted": true, "permission": "resourcemanager.projects.get", @@ -18,13 +18,13 @@ "resource_attributes": {} } ], - "gcp.audit.method_name": "GetResourceBillingInfo", - "gcp.audit.request.proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest", - "gcp.audit.request.resource_name": "projects/189716325846", - "gcp.audit.request_metadata.caller_ip": "192.168.1.1", - "gcp.audit.resource_name": "projects/elastic-beats", - "gcp.audit.service_name": "cloudbilling.googleapis.com", - "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "googlecloud.audit.method_name": "GetResourceBillingInfo", + "googlecloud.audit.request.proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest", + "googlecloud.audit.request.resource_name": "projects/189716325846", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.resource_name": "projects/elastic-beats", + "googlecloud.audit.service_name": "cloudbilling.googleapis.com", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 0, 
@@ -46,8 +46,8 @@ "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", - "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "gcp.audit.authorization_info": [ + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ { "granted": false, "permission": "compute.machineTypes.list", @@ -58,17 +58,17 @@ } } ], - "gcp.audit.method_name": "beta.compute.machineTypes.aggregatedList", - "gcp.audit.num_response_items": 71, - "gcp.audit.request.proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList", - "gcp.audit.request_metadata.caller_ip": "192.168.1.1", - "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "gcp.audit.resource_location.current_locations": [ + "googlecloud.audit.method_name": "beta.compute.machineTypes.aggregatedList", + "googlecloud.audit.num_response_items": 71, + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "googlecloud.audit.resource_location.current_locations": [ "global" ], - "gcp.audit.resource_name": "projects/elastic-beats/global/machineTypes", - "gcp.audit.service_name": "compute.googleapis.com", - "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "googlecloud.audit.resource_name": "projects/elastic-beats/global/machineTypes", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 945, 
@@ -97,8 +97,8 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "gcp.audit.authorization_info": [ + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ { "granted": true, "permission": "compute.instances.list", 
@@ -109,23 +109,23 @@ } } ], - "gcp.audit.method_name": "beta.compute.instances.aggregatedList", - "gcp.audit.num_response_items": 61, - "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", - "gcp.audit.request_metadata.caller_ip": "192.168.1.1", - "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "gcp.audit.resource_location.current_locations": [ + "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", + "googlecloud.audit.num_response_items": 61, + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "googlecloud.audit.resource_location.current_locations": [ "global" ], - "gcp.audit.resource_name": "projects/elastic-beats/global/instances", - "gcp.audit.response.details.group": "batch", - "gcp.audit.response.details.kind": "jobs", - "gcp.audit.response.details.name": "gsuite-exporter-1589294700", - "gcp.audit.response.details.uid": "2beff34a-945f-11ea-bacf-42010a80007f", - "gcp.audit.response.proto_name": "core.k8s.io/v1.Status", - "gcp.audit.response.status": "Success", - "gcp.audit.service_name": "compute.googleapis.com", - "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", + "googlecloud.audit.response.details.group": "batch", + "googlecloud.audit.response.details.kind": "jobs", + "googlecloud.audit.response.details.name": "gsuite-exporter-1589294700", + "googlecloud.audit.response.details.uid": "2beff34a-945f-11ea-bacf-42010a80007f", + "googlecloud.audit.response.proto_name": "core.k8s.io/v1.Status", + 
"googlecloud.audit.response.status": "Success", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 2252, @@ -154,8 +154,8 @@ "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", - "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "gcp.audit.authorization_info": [ + "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "googlecloud.audit.authorization_info": [ { "permission": "compute.instances.list", "resource_attributes": { 
@@ -165,19 +165,19 @@ } } ], - "gcp.audit.method_name": "beta.compute.instances.aggregatedList", - "gcp.audit.num_response_items": 61, - "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", - "gcp.audit.request_metadata.caller_ip": "192.168.1.1", - "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "gcp.audit.resource_location.current_locations": [ + "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", + "googlecloud.audit.num_response_items": 61, + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "googlecloud.audit.resource_location.current_locations": [ "global" ], - "gcp.audit.resource_name": "projects/elastic-beats/global/instances", - "gcp.audit.service_name": "compute.googleapis.com", - "gcp.audit.status.code": 7, - "gcp.audit.status.message": "PERMISSION_DENIED", - "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.status.code": 7, + "googlecloud.audit.status.message": "PERMISSION_DENIED", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 3776, 
@@ -206,24 +206,24 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "gcp.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", - "gcp.audit.authorization_info": [ + "googlecloud.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", + "googlecloud.audit.authorization_info": [ { "granted": true, "permission": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", "resource": "authorization.k8s.io/v1beta1/subjectaccessreviews" } ], - "gcp.audit.method_name": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", - "gcp.audit.request.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", - "gcp.audit.request_metadata.caller_ip": "10.11.12.13", - "gcp.audit.request_metadata.caller_supplied_user_agent": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", - "gcp.audit.resource_name": "authorization.k8s.io/v1beta1/subjectaccessreviews", - "gcp.audit.response.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", - "gcp.audit.response.status": "map[allowed:true reason:RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\"]", - "gcp.audit.service_name": "k8s.io", - "gcp.audit.status.code": 0, - "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "googlecloud.audit.method_name": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", + "googlecloud.audit.request.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", + "googlecloud.audit.request_metadata.caller_ip": "10.11.12.13", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", + "googlecloud.audit.resource_name": "authorization.k8s.io/v1beta1/subjectaccessreviews", + "googlecloud.audit.response.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", + "googlecloud.audit.response.status": 
"map[allowed:true reason:RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\"]", + "googlecloud.audit.service_name": "k8s.io", + "googlecloud.audit.status.code": 0, + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 5100, @@ -249,8 +249,8 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "gcp.audit.authentication_info.principal_email": "user@mycompany.com", - "gcp.audit.authorization_info": [ + "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", + "googlecloud.audit.authorization_info": [ { "granted": true, "permission": "compute.images.create", 
@@ -261,19 +261,19 @@ } } ], - "gcp.audit.method_name": "v1.compute.images.insert", - "gcp.audit.request.name": "windows-server-2016-v20200805", - "gcp.audit.request.proto_name": "type.googleapis.com/compute.images.insert", - "gcp.audit.request_metadata.caller_ip": "1.2.3.4", - "gcp.audit.request_metadata.caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", - "gcp.audit.resource_location.current_locations": [ + "googlecloud.audit.method_name": "v1.compute.images.insert", + "googlecloud.audit.request.name": "windows-server-2016-v20200805", + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.images.insert", + "googlecloud.audit.request_metadata.caller_ip": "1.2.3.4", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", + "googlecloud.audit.resource_location.current_locations": [ "eu" ], - "gcp.audit.resource_name": "projects/foo/global/images/windows-server-2016-v20200805", - "gcp.audit.response.proto_name": "type.googleapis.com/operation", - "gcp.audit.response.status": "RUNNING", - "gcp.audit.service_name": "compute.googleapis.com", - "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "googlecloud.audit.resource_name": "projects/foo/global/images/windows-server-2016-v20200805", + "googlecloud.audit.response.proto_name": "type.googleapis.com/operation", + "googlecloud.audit.response.status": "RUNNING", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.type": 
"type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 7530, @@ -310,14 +310,14 @@ "event.module": "gcp", "event.outcome": "unknown", "fileset.name": "audit", - "gcp.audit.authentication_info.principal_email": "user@mycompany.com", - "gcp.audit.method_name": "beta.compute.instances.stop", - "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.stop", - "gcp.audit.request_metadata.caller_ip": "2.3.4.5", - "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", - "gcp.audit.resource_name": "projects/foo/zones/us-central1-a/instances/win10-test", - "gcp.audit.service_name": "compute.googleapis.com", - "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", + "googlecloud.audit.method_name": "beta.compute.instances.stop", + "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.stop", + "googlecloud.audit.request_metadata.caller_ip": "2.3.4.5", + "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", + "googlecloud.audit.resource_name": "projects/foo/zones/us-central1-a/instances/win10-test", + "googlecloud.audit.service_name": "compute.googleapis.com", + "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 9946, diff --git a/x-pack/filebeat/module/gcp/fields.go b/x-pack/filebeat/module/gcp/fields.go index 7395b207f5e9..0e5675483bb9 100644 --- a/x-pack/filebeat/module/gcp/fields.go +++ b/x-pack/filebeat/module/gcp/fields.go 
@@ -19,5 +19,5 @@ func init() { // AssetGcp returns asset data. // This is the base64 encoded gzipped contents of module/gcp. func AssetGcp() string { - return "eJzsWk1v5LgRvftX1G12AY8Wuc4hgNEeb4ysA6/dcYBcGmyyWmJMkQpJdafn1wckRbU++0vyJgOMb1ZLrx6rilWPJX2Gd9x/gZQWNwCWW4Ff4FelUoGwEKpk8CyI3Sidw0+/Lp5/vgFgaKjmheVKfoE/3wAAPClWCoSN0pARyQSXKQiVGtholbfgkhuADUfBzBf/5GeQJMcvkPp7qLvFXwew+8Jd16osqisDht3fneDEoPHW14S+74hmQFVeEMvXXHC7hx23GSjBmmYqGhVMk1OTF0NjuSTOZsKlsURSTAqt/oXUrjir7498iSPTuFoQm3nvJucj5TzVJKzS6hLP46Qx5UpO5dNDuYrLNyVxKpMOxiU8tgWdHqJRkEuZbAu6cr9M4DEAcSkLU64l2p3S71PJjCOd4mRUqSlO3EZngVzK5OLNcxLgUgYXbpkTj59p/eqNcur5C+xfsT2OP32B7es3xVkgQ0zqfkeLS/vcg29R/ZbqO21yRR/rrbdJ4ggR9/e4AZthExZUuESVlEj9lR0xQODtCYSixCIDJf0thuQIb8+L2xakzbgJ/IEbKFRRCv+Qb95vTxBpA0NLuDAJPEog8JoRjczBtdCokhueliEAt3BIU6BKazSFksyAVZ5Q9SvYjFhQO2nc1RZcNH4LpSmJEPuwENRbTuvnk8Yj3UA0gzG4Zw5heMf9Tunub0eC4QNyHwMQF0OVtIRLp8Xc5ben5GaQTa92TWTy4vEim1GznZI10eg/lcRBkyMN8bvK/ecFVCVm9tx3+R64Z8rY7zuRB5rBRC7O8y6WGadZZdvFRxXofCvTESLjLWEin9ca+FxaI3pjhvQPiNdkvs/2FuSPqv+j6n9I1T/otO8l43/U+h+13v+dXeu7jEjJuJ2S7vGgoXT7nOGBW6cNGMyZSMQZvjnPG0d9sdwXPkEK1HafDBgipc1QWk79JlhxuVEDdrseOGH1rgUKDlTnQT9CfyuPbhouKS+IWGFOuJgvO5YZgocEwphGY+JGavgCGZQGNeTkPe4njf8u0djOCpp+VJrb/cqgQGqVnpdwjQ8RH0yBlG84MljvmwyVvgW+ASL3CTxal/FSWUhLoom0iAx6Bnx9C6Wk8nmoy0KoHTJXAUuDQWjXPFp+6Hjh29FkIlqT/WXJVGM2c8nvMse62tBKJucnF+qcGzNrG19WIeCu1zzePTWMjCRN6iMy3BTWSgkkXXonKPwjQ5uhBqV9zFvh8O7SWHViIlmDnw93xWaEa3xyRazVfF1aNIO8+6XivPyuUeNujAaTzv1DYW30lCAw+yl+JK4nCQaKzkAkV5npcossBtrZ7BTG/DPaQmbi4CCOcYj2c7SZYv3Ofm0nG45AZcZl/KEMwIPScPf8CJQIYYKE7FY9k6lSMFijR2siuwcDatJ9yOHif0heCLyFT+GNWMKIJa7qYrL9U3Jf//NSyt9L1PtPQ86RZb4KCtPgilvMzYCPhJLphQ4q87Xb/hvwmKDRlloiC5NPAr9xY52rPLHGQkPDKArBKVmLwXBWzWW6OFg2K3bdVS+QBcqqmfViSyUdcnuAWWSx4cLijC3+weOdZXrepf+tVVGOKZy6AXw4gUNZGdIY1U2rHC1xW296Rj5VSEDWqrTjETiWlq7SoF7xbusLhHqXz+iIj89dfRpsjISnImBKt4uRrZx8XZEUpZ1X4XhZ7HG7tJauyjb1WaU827LaCY8ecKMYawy3Uao04zIVg8eWWDvnL0cB9/+yHg1RO8zo/cBjTklWQR63f0qPDdmeXQp5I2M66J3LvokZCDjcrm/qudP/VheexaXsTaNmoVLyM71SK3ZLbDmcuNdsnlc
P10va4U4y1tEmaNT6hKU0UCVENef0R2zux+RgiU6xLp8N2Tomed25GwzNMMfPwjWEv7883vrayiUVJYsjCifooi52D57QryZDsUXzy+tfvv72sHq8/2Wt1LsZ1Ku1q/yYtntsvrrwRrTjZ5qjfbfUGqWtec2XSLAI0DXJoyfTzvnzw449zRAXqF2zjdEfT6RW2A/HlXB+IQU3CVX54Gr6e/PqWJvWxlRb1ESIUdJHY67YcLPl0mLak+VntLqKmwO+rebFB0lCJKAsc9gSUfo4VOc+XdBkoVh3lx3Ov8aQdEZVcAcMtyicxz5vCHVhR62Vjpb6zLmErzIV3GQJ3Mm9127x0R58C6sB4tJf8G+VdDNuR/Dwjqbhh1B1kygZeuA+nLeuJh7gqqklFRxl89BxOGNp3BHRnPzONo9/qLAvGMnrUuBqSGZdtSPuDz/GLRHX6y2FhpETSzNkYYBxeGt2ujy2xuh+XjvS63szhh7zZZgLh+FzHLm2uI4pDEJ7nQIuExl3jebpK6/zTFX2DCgZHDRmn3GNkyncRxAfJk02G06bwTEhOMf8oHGDGuW0qeRLBImv4M8KQdW1NZG9SnSR9TA42sT3uB7PHOLSTl0/SHI/q9HIHL7/mY9b86OiUYKnuVUus6S/LybK40jU8Wi8FLckneDKICb/CLqVbJ1GlxerQmnbfzcER94PXUSXF+FMTpUwvmUd5prgTMfc8K9DSoGjB6QqEaKiI5SqsjdN+aikiBqvsjo9Qf7gZVTJMmUZje8VNkLtPkIGvD0vwGFfIgPQJVFHZE4Q94YzrIRbBc2Cf4TaJbAg0mkw5P613qfXl8UnJ6I+3X99XTYOakM8rU1meKvwG7Eo6R6IgRyJKTUy+Mn5cbl49hxdGxb7n4GVOh5ELHdnVmlRb4mIc8HewSzeiIIUxslBtDtE6RSmP9ASeP36u9/AGinybbh2+DLH/X+3+GsH1t3P629hwnk7fgvysly6dezQ9YHwU1Ubqtlf+JiIoSD75Oa/AQAA//9tnOpX" + return "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" } diff --git a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js index 7a5ba750376f..f9f899197030 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js @@ -189,7 +189,7 @@ function FirewallProcessor(keep_original_message, debug) { fail_on_error: false })); - // Set network.transport from iana_number. GCP Firewall only supports + // Set network.transport from iana_number. googlecloud Firewall only supports // logging of tcp and udp connections, added icmp just in case as it's the // other protocol supported by firewall rules. builder.Add("transportFromIANA", makeMapper({ 
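Review bot: The comment on the new side of the `@@ -189,7 +189,7 @@` hunk now reads `googlecloud Firewall only supports`, which looks like the field-prefix search-and-replace reaching into prose; the sentence names the product, not the field namespace. Keep the original wording, `// Set network.transport from iana_number. GCP Firewall only supports`, so the comment still says which service's logging limits the mapper reflects. FirewallProcessor starts and ends outside the hunk.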
@@ -224,12 +224,12 @@ function FirewallProcessor(keep_original_message, debug) {
 {from: "json.src_location.region", to: "source.geo.region_name"},
 {from: "json.src_location.city", to: "source.geo.city_name"},
- {from: "json.dest_instance", to: "gcp.destination.instance"},
- {from: "json.dest_vpc", to: "gcp.destination.vpc"},
- {from: "json.src_instance", to: "gcp.source.instance"},
- {from: "json.src_vpc", to: "gcp.source.vpc"},
+ {from: "json.dest_instance", to: "googlecloud.destination.instance"},
+ {from: "json.dest_vpc", to: "googlecloud.destination.vpc"},
+ {from: "json.src_instance", to: "googlecloud.source.instance"},
+ {from: "json.src_vpc", to: "googlecloud.source.vpc"},
 {from: "json.rule_details.reference", to: "rule.name"},
- {from: "json", to: "gcp.firewall"},
+ {from: "json", to: "googlecloud.firewall"},
 ],
 mode: "rename",
 ignore_missing: true,
@@ -238,10 +238,10 @@ function FirewallProcessor(keep_original_message, debug) {
 // Delete emtpy object's whose fields have been renamed leaving them childless.
 builder.Add("dropEmptyObjects", function (evt) {
- evt.Delete("gcp.firewall.connection");
- evt.Delete("gcp.firewall.dest_location");
- evt.Delete("gcp.firewall.disposition");
- evt.Delete("gcp.firewall.src_location");
+ evt.Delete("googlecloud.firewall.connection");
+ evt.Delete("googlecloud.firewall.dest_location");
+ evt.Delete("googlecloud.firewall.disposition");
+ evt.Delete("googlecloud.firewall.src_location");
 });
 // Copy the source/destination.address to source/destination.ip if they are
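Review bot: The rename targets in the `@@ -224,12 +224,12 @@` hunk move this fileset's output from `gcp.*` to `googlecloud.*` while the file sits under `module/gcp`, and because the Convert runs with `ignore_missing: true` nothing fails if a later step or a consumer still reads the old names. The same prefix change recurs in the hunks at 238, 260 and 288. Saved searches, dashboards and detection rules keyed on `gcp.source.*`, `gcp.destination.*` or `gcp.firewall.*` would presumably stop matching without any error, so a comment above the list would help: `// Fields are published under googlecloud.* although the module directory is gcp; keep in sync with fields.yml.` The enclosing function starts and ends outside the hunk.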
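Review bot: The four `evt.Delete` calls in the `@@ -238,10 +238,10 @@` hunk remove `googlecloud.firewall.connection`, `dest_location`, `disposition` and `src_location` unconditionally, while the comment above them describes objects left childless by the renames. If the source log carries a sub-field that the rename list does not map (the full list is not visible here), it is discarded with no trace, which matters for firewall records kept as evidence. State the assumption in the comment, for example `// Dropped unconditionally: any sub-field not renamed above is lost.`, or delete only when the object has no remaining keys. The enclosing function starts and ends outside the hunk.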
@@ -260,22 +260,22 @@ function FirewallProcessor(keep_original_message, debug) {
 },
 EGRESS: new processor.Convert({
 fields: [
- {from: "gcp.source.instance.project_id", to: "cloud.project.id"},
- {from: "gcp.source.instance.vm_name", to: "cloud.instance.name"},
- {from: "gcp.source.instance.region", to: "cloud.region"},
- {from: "gcp.source.instance.zone", to: "cloud.availability_zone"},
- {from: "gcp.source.vpc.subnetwork_name", to: "network.name"}
+ {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"},
+ {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"},
+ {from: "googlecloud.source.instance.region", to: "cloud.region"},
+ {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"},
+ {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"}
 ],
 ignore_missing: true
 }),
 INGRESS: new processor.Convert({
 fields: [
- {from: "gcp.destination.instance.project_id", to: "cloud.project.id"},
- {from: "gcp.destination.instance.vm_name", to: "cloud.instance.name"},
- {from: "gcp.destination.instance.region", to: "cloud.region"},
- {from: "gcp.destination.instance.zone", to: "cloud.availability_zone"},
- {from: "gcp.destination.vpc.subnetwork_name", to: "network.name"},
+ {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"},
+ {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"},
+ {from: "googlecloud.destination.instance.region", to: "cloud.region"},
+ {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"},
+ {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"},
 ],
 ignore_missing: true
 })
@@ -288,8 +288,8 @@ function FirewallProcessor(keep_original_message, debug) { })); builder.Add("setInternalDirection", function(event) { - var srcInstance = event.Get("gcp.source.instance"); - var destInstance = event.Get("gcp.destination.instance"); + var srcInstance = event.Get("googlecloud.source.instance"); + var destInstance = event.Get("googlecloud.destination.instance"); if (srcInstance && destInstance) { event.Put("network.direction", "internal"); } diff --git a/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json index 28a67d649f95..1d799e8edbcf 100644 --- a/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json @@ -16,15 +16,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "local-test", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "mysubnet", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "local-test", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "mysubnet", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -33,19 +33,19 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], - "gcp.source.instance.project_id": "remote-beats", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "remote-beats", - "gcp.source.vpc.subnetwork_name": "mysubnet", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "remote-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "remote-beats", + "googlecloud.source.vpc.subnetwork_name": "mysubnet", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 0, 
@@ -83,15 +83,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "remote-beats", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "remote-beats", - "gcp.destination.vpc.subnetwork_name": "mysubnet", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "EGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "remote-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "remote-beats", + "googlecloud.destination.vpc.subnetwork_name": "mysubnet", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -100,19 +100,19 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], - "gcp.source.instance.project_id": "local-test", - "gcp.source.instance.region": "us-central1", - "gcp.source.instance.zone": "us-central1-a", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "mysubnet", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "local-test", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "mysubnet", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 1153, diff --git a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json index eeba0d7268c3..908b2436bd9a 100644 --- a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json 
@@ -22,26 +22,26 @@ "denied" ], "fileset.name": "firewall", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.destination_range": [ + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "gcp.firewall.rule_details.direction": "EGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-central1", - "gcp.source.instance.zone": "us-central1-a", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 0, 
@@ -82,15 +82,15 @@ "allowed" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "windows-isolated", - "gcp.destination.vpc.vpc_name": "windows-isolated", - "gcp.firewall.rule_details.action": "ALLOW", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", + "googlecloud.destination.vpc.vpc_name": "windows-isolated", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -98,11 +98,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "allow-rdp" ], "input.type": "log", 
@@ -146,15 +146,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -163,11 +163,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -213,15 +213,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -230,11 +230,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -278,15 +278,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -295,11 +295,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -343,15 +343,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -360,11 +360,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -410,15 +410,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -427,11 +427,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -477,15 +477,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -494,11 +494,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -544,15 +544,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -561,11 +561,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -611,15 +611,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -628,11 +628,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -678,15 +678,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -695,11 +695,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -745,15 +745,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -762,11 +762,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", 
@@ -818,26 +818,26 @@ "denied" ], "fileset.name": "firewall", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.destination_range": [ + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "gcp.firewall.rule_details.direction": "EGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-central1", - "gcp.source.instance.zone": "us-central1-a", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 12444, 
@@ -884,26 +884,26 @@ "denied" ], "fileset.name": "firewall", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.destination_range": [ + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "gcp.firewall.rule_details.direction": "EGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.firewall.rule_details.direction": "EGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-central1", - "gcp.source.instance.zone": "us-central1-a", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 13425, 
@@ -944,15 +944,15 @@ "allowed" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "ALLOW", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -960,19 +960,19 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "allow9200" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 14407, 
@@ -1015,15 +1015,15 @@ "allowed" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "ALLOW", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1031,19 +1031,19 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "allow9200" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 15594, 
@@ -1086,15 +1086,15 @@ "allowed" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "windows-isolated", - "gcp.destination.vpc.vpc_name": "windows-isolated", - "gcp.firewall.rule_details.action": "ALLOW", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", + "googlecloud.destination.vpc.vpc_name": "windows-isolated", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -1102,11 +1102,11 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "allow-rdp" ], "input.type": "log", 
@@ -1152,15 +1152,15 @@ "allowed" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "ALLOW", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1168,19 +1168,19 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "allow9200" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 17858, 
@@ -1223,15 +1223,15 @@ "allowed" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "ALLOW", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "ALLOW", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1239,19 +1239,19 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "allow9200" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 19045, 
@@ -1294,15 +1294,15 @@ "denied" ], "fileset.name": "firewall", - "gcp.destination.instance.project_id": "test-beats", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "test-beats", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.firewall.rule_details.action": "DENY", - "gcp.firewall.rule_details.direction": "INGRESS", - "gcp.firewall.rule_details.ip_port_info": [ + "googlecloud.destination.instance.project_id": "test-beats", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "test-beats", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.firewall.rule_details.action": "DENY", + "googlecloud.firewall.rule_details.direction": "INGRESS", + "googlecloud.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ 
@@ -1311,19 +1311,19 @@ ] } ], - "gcp.firewall.rule_details.priority": 1000, - "gcp.firewall.rule_details.source_range": [ + "googlecloud.firewall.rule_details.priority": 1000, + "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "gcp.firewall.rule_details.target_tag": [ + "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], - "gcp.source.instance.project_id": "test-beats", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "test-beats", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "test-beats", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "test-beats", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 20231, diff --git a/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js index f751f1b490f4..dd7e3e0ea7ed 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js 
@@ -96,13 +96,13 @@ function VPCFlow(keep_original_message) {
 {from: "json.src_location.region", to: "source.geo.region_name"},
 {from: "json.src_location.city", to: "source.geo.city_name"},
- {from: "json.dest_instance", to: "gcp.destination.instance"},
- {from: "json.dest_vpc", to: "gcp.destination.vpc"},
- {from: "json.src_instance", to: "gcp.source.instance"},
- {from: "json.src_vpc", to: "gcp.source.vpc"},
+ {from: "json.dest_instance", to: "googlecloud.destination.instance"},
+ {from: "json.dest_vpc", to: "googlecloud.destination.vpc"},
+ {from: "json.src_instance", to: "googlecloud.source.instance"},
+ {from: "json.src_vpc", to: "googlecloud.source.vpc"},
 {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"},
- {from: "json", to: "gcp.vpcflow"},
+ {from: "json", to: "googlecloud.vpcflow"},
 ],
 mode: "rename",
 ignore_missing: true,
@@ -110,9 +110,9 @@ function VPCFlow(keep_original_message) {
 // Delete emtpy object's whose fields have been renamed leaving them childless.
 var dropEmptyObjects = function (evt) {
- evt.Delete("gcp.vpcflow.connection");
- evt.Delete("gcp.vpcflow.dest_location");
- evt.Delete("gcp.vpcflow.src_location");
+ evt.Delete("googlecloud.vpcflow.connection");
+ evt.Delete("googlecloud.vpcflow.dest_location");
+ evt.Delete("googlecloud.vpcflow.src_location");
 };
 // Copy the source/destination.address to source/destination.ip if they are
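Review bot: The `to:` targets in the rename table (hunk at -96) move the emitted field namespace from `gcp.*` to `googlecloud.*`, which runs opposite to the commit title and changes the name of every module-specific field that downstream consumers query. Detection rules, saved searches and dashboards keyed on names such as `gcp.vpcflow.reporter` or `gcp.source.instance` would stop matching without any error being raised. This needs either field aliases for the old names or an explicit breaking-change entry; neither is visible in this part of the patch, though a later patch in the series may cover it. The same prefix change repeats in the hunks at -110, -127, -150 and -190 of this file, and VPCFlow's body starts and ends outside the hunk.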
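Review bot: In the hunk at -110, `dropEmptyObjects` deletes `googlecloud.vpcflow.connection`, `googlecloud.vpcflow.dest_location` and `googlecloud.vpcflow.src_location` unconditionally, although the comment above it says only objects left childless are removed. Any child key that the rename table does not list, for instance one added to the flow-log format later, is discarded together with its parent, and that is data an investigator may later want. Either test for emptiness before each `evt.Delete`, or make the comment state the real behaviour, e.g. `// Delete the leftover parent objects; any child not renamed above is dropped with them.`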
@@ -127,22 +127,22 @@ function VPCFlow(keep_original_message) {
 var setCloudFromDestInstance = new processor.Convert({
 fields: [
- {from: "gcp.destination.instance.project_id", to: "cloud.project.id"},
- {from: "gcp.destination.instance.vm_name", to: "cloud.instance.name"},
- {from: "gcp.destination.instance.region", to: "cloud.region"},
- {from: "gcp.destination.instance.zone", to: "cloud.availability_zone"},
- {from: "gcp.destination.vpc.subnetwork_name", to: "network.name"},
+ {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"},
+ {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"},
+ {from: "googlecloud.destination.instance.region", to: "cloud.region"},
+ {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"},
+ {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"},
 ],
 ignore_missing: true,
 });
 var setCloudFromSrcInstance = new processor.Convert({
 fields: [
- {from: "gcp.source.instance.project_id", to: "cloud.project.id"},
- {from: "gcp.source.instance.vm_name", to: "cloud.instance.name"},
- {from: "gcp.source.instance.region", to: "cloud.region"},
- {from: "gcp.source.instance.zone", to: "cloud.availability_zone"},
- {from: "gcp.source.vpc.subnetwork_name", to: "network.name"},
+ {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"},
+ {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"},
+ {from: "googlecloud.source.instance.region", to: "cloud.region"},
+ {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"},
+ {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"},
 ],
 ignore_missing: true,
 });
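Review bot: The `googlecloud.` prefix is spelled out in every `from:` key of both Convert processors, and with `ignore_missing: true` a key that drifts out of step with the rename table earlier in VPCFlow is skipped silently, leaving `cloud.project.id`, `cloud.region` and the other targets unset with no error. Hoisting the prefix into one variable keeps the producers and consumers of these keys in sync, e.g. `var ns = "googlecloud";` and then `{from: ns + ".destination.instance.project_id", to: "cloud.project.id"},`. The `evt.Get(...)` and `event.Get(...)` lookups in the hunks at -150 and -190 use the same literal and would take the same variable. VPCFlow starts and ends outside this hunk.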
@@ -150,7 +150,7 @@ function VPCFlow(keep_original_message) {
 // Set the cloud metadata fields based on the instance that reported the
 // event.
 var setCloudMetadata = function(evt) {
- var reporter = evt.Get("gcp.vpcflow.reporter");
+ var reporter = evt.Get("googlecloud.vpcflow.reporter");
 if (reporter === "DEST") {
 setCloudFromDestInstance.Run(evt);
@@ -190,8 +190,8 @@ function VPCFlow(keep_original_message) {
 };
 var setNetworkDirection = function(event) {
- var srcInstance = event.Get("gcp.source.instance");
- var destInstance = event.Get("gcp.destination.instance");
+ var srcInstance = event.Get("googlecloud.source.instance");
+ var destInstance = event.Get("googlecloud.destination.instance");
 var direction = "unknown";
 if (srcInstance && destInstance) {
diff --git a/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json
index da74fec40d64..b9d0250b9be0 100644
--- a/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json
+++ b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json
@@ -19,14 +19,14 @@ "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 0, 
@@ -71,20 +71,20 @@ "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 1, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 934, 
@@ -135,20 +135,20 @@ "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 201, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 2084, 
@@ -197,13 +197,13 @@ "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 3237, @@ -250,14 +250,14 @@ "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 4210, 
@@ -302,14 +302,14 @@ "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 5143, 
@@ -356,20 +356,20 @@ "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 1, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 6078, 
@@ -420,20 +420,20 @@
 "event.start": "2019-06-14T03:40:08.469099728Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 3,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 3,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 7229,
@@ -478,20 +478,20 @@
 "event.start": "2019-06-14T03:39:59.500506974Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 1,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 8378,
@@ -539,20 +539,20 @@
 "event.start": "2019-06-14T03:40:08.469099728Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 3,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 3,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 9529,
@@ -600,13 +600,13 @@
 "event.start": "2019-06-14T03:40:45.860349247Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 10679,
@@ -655,20 +655,20 @@
 "event.start": "2019-06-14T03:40:20.510622432Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 201,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 201,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 11654,
@@ -716,20 +716,20 @@
 "event.start": "2019-06-14T03:40:01.074897435Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 192,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 192,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 12806,
@@ -780,20 +780,20 @@
 "event.start": "2019-06-14T03:39:59.500498059Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 1,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 13959,
@@ -841,20 +841,20 @@
 "event.start": "2019-06-14T03:40:08.150720950Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 1,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 15109,
@@ -902,20 +902,20 @@
 "event.start": "2019-06-14T03:40:08.466657665Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 1,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 16259,
@@ -960,14 +960,14 @@
 "event.start": "2019-06-14T03:40:17.343890802Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 17408,
@@ -1011,14 +1011,14 @@
 "event.start": "2019-06-14T03:48:38.961050187Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 18297,
@@ -1068,20 +1068,20 @@
 "event.start": "2019-06-14T03:39:59.500506974Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 1,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 19233,
@@ -1130,14 +1130,14 @@
 "event.start": "2019-06-14T03:40:00.560917237Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 220,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 220,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 20383,
@@ -1185,20 +1185,20 @@
 "event.start": "2019-06-14T03:40:01.074897435Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 192,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 192,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 21370,
@@ -1242,14 +1242,14 @@
 "event.start": "2019-06-14T03:40:17.306085222Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 22524,
@@ -1294,14 +1294,14 @@
 "event.start": "2019-06-14T03:45:37.186193305Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 23412,
@@ -1351,20 +1351,20 @@
 "event.start": "2019-06-14T03:40:05.147252064Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 50,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 50,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 24348,
@@ -1409,14 +1409,14 @@
 "event.start": "2019-06-14T03:40:00.560917237Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 220,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 220,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 25501,
@@ -1465,20 +1465,20 @@
 "event.start": "2019-06-14T03:40:08.150720950Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 1,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 26490,
@@ -1526,20 +1526,20 @@
 "event.start": "2019-06-14T03:40:05.147252064Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 50,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 50,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 27641,
@@ -1589,14 +1589,14 @@
 "event.start": "2019-06-14T03:48:38.961050187Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 28793,
@@ -1641,14 +1641,14 @@
 "event.start": "2019-06-14T03:40:46.541094678Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 233,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 233,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 29727,
@@ -1700,20 +1700,20 @@
 "event.start": "2019-06-14T03:40:06.075811571Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 2,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 2,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 30719,
@@ -1758,14 +1758,14 @@
 "event.start": "2019-06-14T03:46:20.634435179Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 31870,
@@ -1815,20 +1815,20 @@
 "event.start": "2019-06-14T03:40:06.075942176Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 311,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 311,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 32809,
@@ -1876,20 +1876,20 @@
 "event.start": "2019-06-14T03:40:05.566551903Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 216,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 216,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 33964,
@@ -1938,14 +1938,14 @@
 "event.start": "2019-06-14T03:40:01.270990648Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 87,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 87,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 35119,
@@ -1990,20 +1990,20 @@
 "event.start": "2019-06-14T03:40:06.075942176Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 311,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 311,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 36107,
@@ -2054,20 +2054,20 @@
 "event.start": "2019-06-14T03:39:59.711043814Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "windows-isolated",
- "gcp.destination.vpc.vpc_name": "windows-isolated",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 113,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "windows-isolated",
+ "googlecloud.destination.vpc.vpc_name": "windows-isolated",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 113,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 37261,
@@ -2114,14 +2114,14 @@
 "event.start": "2019-06-14T03:46:11.655143526Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 38440,
@@ -2170,14 +2170,14 @@
 "event.start": "2019-06-14T03:39:59.843986502Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 219,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 219,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 39374,
@@ -2222,20 +2222,20 @@
 "event.start": "2019-06-14T03:40:24.790136141Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 0,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 0,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 40363,
@@ -2286,20 +2286,20 @@
 "event.start": "2019-06-14T03:40:14.031541248Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-central1",
- "gcp.destination.instance.zone": "us-central1-a",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-central1",
+ "googlecloud.destination.instance.zone": "us-central1-a",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 41513,
@@ -2344,20 +2344,20 @@
 "event.start": "2019-06-14T03:40:06.075811571Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 2,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 2,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 42677,
@@ -2408,20 +2408,20 @@
 "event.start": "2019-06-14T03:40:24.790136141Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 0,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 0,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 43829,
@@ -2466,20 +2466,20 @@
 "event.start": "2019-06-14T03:40:05.147072949Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 1,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 1,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 44980,
@@ -2527,20 +2527,20 @@
 "event.start": "2019-06-14T03:40:05.566551903Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 216,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 216,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 46132,
@@ -2590,14 +2590,14 @@
 "event.start": "2019-06-14T03:46:20.634545217Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 47286,
@@ -2646,14 +2646,14 @@
 "event.start": "2019-06-14T03:40:00.155378070Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 89,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 89,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 48223,
@@ -2698,14 +2698,14 @@
 "event.start": "2019-06-14T03:46:11.655143526Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 49211,
@@ -2752,14 +2752,14 @@
 "event.start": "2019-06-14T03:39:59.843986502Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 219,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 219,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 50147,
@@ -2812,14 +2812,14 @@
 "event.start": "2019-06-14T03:40:00.565831992Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 86,
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 86,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 51137,
@@ -2864,20 +2864,20 @@
 "event.start": "2019-06-14T03:39:59.711043814Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "windows-isolated",
- "gcp.source.vpc.vpc_name": "windows-isolated",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 113,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "windows-isolated",
+ "googlecloud.source.vpc.vpc_name": "windows-isolated",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 113,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 52125,
@@ -2925,20 +2925,20 @@
 "event.start": "2019-06-14T03:40:14.031541248Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-central1",
- "gcp.source.instance.zone": "us-central1-a",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 36,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-central1",
+ "googlecloud.source.instance.zone": "us-central1-a",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 36,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 53305,
@@ -2989,20 +2989,20 @@
 "event.start": "2019-06-14T03:39:58.492572765Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.source.instance.project_id": "my-sample-project",
- "gcp.source.instance.region": "us-east1",
- "gcp.source.instance.zone": "us-east1-b",
- "gcp.source.vpc.project_id": "my-sample-project",
- "gcp.source.vpc.subnetwork_name": "default",
- "gcp.source.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "SRC",
- "gcp.vpcflow.rtt.ms": 144,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.source.instance.project_id": "my-sample-project",
+ "googlecloud.source.instance.region": "us-east1",
+ "googlecloud.source.instance.zone": "us-east1-b",
+ "googlecloud.source.vpc.project_id": "my-sample-project",
+ "googlecloud.source.vpc.subnetwork_name": "default",
+ "googlecloud.source.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "SRC",
+ "googlecloud.vpcflow.rtt.ms": 144,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 54470,
@@ -3047,14 +3047,14 @@
 "event.start": "2019-06-14T03:40:00.565831992Z",
 "event.type": "connection",
 "fileset.name": "vpcflow",
- "gcp.destination.instance.project_id": "my-sample-project",
- "gcp.destination.instance.region": "us-east1",
- "gcp.destination.instance.zone": "us-east1-b",
- "gcp.destination.vpc.project_id": "my-sample-project",
- "gcp.destination.vpc.subnetwork_name": "default",
- "gcp.destination.vpc.vpc_name": "default",
- "gcp.vpcflow.reporter": "DEST",
- "gcp.vpcflow.rtt.ms": 86,
+ "googlecloud.destination.instance.project_id": "my-sample-project",
+ "googlecloud.destination.instance.region": "us-east1",
+ "googlecloud.destination.instance.zone": "us-east1-b",
+ "googlecloud.destination.vpc.project_id": "my-sample-project",
+ "googlecloud.destination.vpc.subnetwork_name": "default",
+ "googlecloud.destination.vpc.vpc_name": "default",
+ "googlecloud.vpcflow.reporter": "DEST",
+ "googlecloud.vpcflow.rtt.ms": 86,
 "input.type": "log",
 "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows",
 "log.offset": 55625,
@@ -3103,14 +3103,14 @@ "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 87, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 87, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 56614, 
@@ -3159,14 +3159,14 @@ "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 57603, 
@@ -3215,14 +3215,14 @@ "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 58539, 
@@ -3271,14 +3271,14 @@ "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 233, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 233, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 59473, 
@@ -3323,20 +3323,20 @@ "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 144, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 144, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 60463, 
@@ -3387,20 +3387,20 @@ "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 1, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 61617, 
@@ -3445,14 +3445,14 @@ "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 89, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 89, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 62768, 
@@ -3501,14 +3501,14 @@ "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 63757, 
@@ -3555,14 +3555,14 @@ "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 64693, 
@@ -3609,20 +3609,20 @@ "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 224, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 224, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 65631, 
@@ -3672,14 +3672,14 @@ "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 66784, 
@@ -3724,14 +3724,14 @@ "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 67720, 
@@ -3778,20 +3778,20 @@ "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 2, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 68656, 
@@ -3841,14 +3841,14 @@ "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 69807, 
@@ -3896,20 +3896,20 @@ "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 1, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 70741, 
@@ -3957,20 +3957,20 @@ "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 15, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 15, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 71891, 
@@ -4015,20 +4015,20 @@ "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 230, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 230, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 73042, 
@@ -4079,20 +4079,20 @@ "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 224, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 224, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 74194, 
@@ -4139,14 +4139,14 @@ "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 43, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 43, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 75348, 
@@ -4191,20 +4191,20 @@ "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 253, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 253, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 76282, 
@@ -4252,14 +4252,14 @@ "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 77435, 
@@ -4306,20 +4306,20 @@ "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 15, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 15, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 78373, 
@@ -4367,14 +4367,14 @@ "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 43, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 43, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 79525, 
@@ -4421,14 +4421,14 @@ "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 80461, 
@@ -4477,14 +4477,14 @@ "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 81397, 
@@ -4531,14 +4531,14 @@ "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 82331, 
@@ -4585,14 +4585,14 @@ "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 83265, 
@@ -4637,14 +4637,14 @@ "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 84201, 
@@ -4693,14 +4693,14 @@ "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 85139, 
@@ -4748,20 +4748,20 @@ "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 2, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 86073, 
@@ -4809,20 +4809,20 @@ "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 16, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 16, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 87223, 
@@ -4867,14 +4867,14 @@ "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 88374, 
@@ -4921,20 +4921,20 @@ "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 16, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 16, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 89310, 
@@ -4984,14 +4984,14 @@ "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 90462, 
@@ -5038,14 +5038,14 @@ "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 91398, 
@@ -5090,14 +5090,14 @@ "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 92332, 
@@ -5144,20 +5144,20 @@ "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 1, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 93268, 
@@ -5208,20 +5208,20 @@ "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 230, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 230, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 94419, 
@@ -5269,20 +5269,20 @@ "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 253, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 253, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 95572, 
@@ -5330,20 +5330,20 @@ "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 109, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 109, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 96724, 
@@ -5391,20 +5391,20 @@ "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-central1", - "gcp.destination.instance.zone": "us-central1-a", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-central1", + "googlecloud.destination.instance.zone": "us-central1-a", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 97878, 
@@ -5452,20 +5452,20 @@ "event.start": "2019-06-14T03:40:08.150481417Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 194, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 194, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 99041, 
@@ -5510,20 +5510,20 @@ "event.start": "2019-06-14T03:40:06.075859688Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 11, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 11, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 100195, 
@@ -5571,20 +5571,20 @@ "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-central1", - "gcp.source.instance.zone": "us-central1-a", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 36, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-central1", + "googlecloud.source.instance.zone": "us-central1-a", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 101347, 
@@ -5635,20 +5635,20 @@ "event.start": "2019-06-14T03:40:20.513551480Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "SRC", - "gcp.vpcflow.rtt.ms": 142, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "SRC", + "googlecloud.vpcflow.rtt.ms": 142, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 102512, 
@@ -5693,20 +5693,20 @@ "event.start": "2019-06-14T03:40:08.480430427Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 201, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 103665, 
@@ -5754,20 +5754,20 @@ "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", - "gcp.destination.instance.project_id": "my-sample-project", - "gcp.destination.instance.region": "us-east1", - "gcp.destination.instance.zone": "us-east1-b", - "gcp.destination.vpc.project_id": "my-sample-project", - "gcp.destination.vpc.subnetwork_name": "default", - "gcp.destination.vpc.vpc_name": "default", - "gcp.source.instance.project_id": "my-sample-project", - "gcp.source.instance.region": "us-east1", - "gcp.source.instance.zone": "us-east1-b", - "gcp.source.vpc.project_id": "my-sample-project", - "gcp.source.vpc.subnetwork_name": "default", - "gcp.source.vpc.vpc_name": "default", - "gcp.vpcflow.reporter": "DEST", - "gcp.vpcflow.rtt.ms": 109, + "googlecloud.destination.instance.project_id": "my-sample-project", + "googlecloud.destination.instance.region": "us-east1", + "googlecloud.destination.instance.zone": "us-east1-b", + "googlecloud.destination.vpc.project_id": "my-sample-project", + "googlecloud.destination.vpc.subnetwork_name": "default", + "googlecloud.destination.vpc.vpc_name": "default", + "googlecloud.source.instance.project_id": "my-sample-project", + "googlecloud.source.instance.region": "us-east1", + "googlecloud.source.instance.zone": "us-east1-b", + "googlecloud.source.vpc.project_id": "my-sample-project", + "googlecloud.source.vpc.subnetwork_name": "default", + "googlecloud.source.vpc.vpc_name": "default", + "googlecloud.vpcflow.reporter": "DEST", + "googlecloud.vpcflow.rtt.ms": 109, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 104817, From fcf19c5622f6c125a71e997fe69578cbc1bb2726 Mon Sep 17 00:00:00 2001 
From: DeDe Morton Date: Wed, 11 Nov 2020 14:26:45 -0800 Subject: [PATCH 11/14] Add redirects page to fix broken link --- filebeat/docs/index.asciidoc | 2 ++ filebeat/docs/redirects.asciidoc | 10 ++++++++++ 2 files changed, 12 insertions(+) create mode 100644 filebeat/docs/redirects.asciidoc diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index 30e0ec38f462..69633f6836d6 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -64,4 +64,6 @@ include::./faq.asciidoc[] include::{libbeat-dir}/contributing-to-beats.asciidoc[] +include::redirects.asciidoc[] + diff --git a/filebeat/docs/redirects.asciidoc b/filebeat/docs/redirects.asciidoc new file mode 100644 index 000000000000..7a41406099b8 --- /dev/null +++ b/filebeat/docs/redirects.asciidoc @@ -0,0 +1,10 @@ +["appendix",role="exclude",id="redirects"] += Deleted pages + +The following pages have moved or been deleted. + +[role="exclude",id="filebeat-module-googlecloud"] +== Google Cloud module + +See <>. + From 676147f89d959edfc522b689fde1915068f70949 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Thu, 19 Nov 2020 11:13:32 -0700 Subject: [PATCH 12/14] Increase ES cache size --- testing/environments/latest.yml | 4 ++++ testing/environments/snapshot.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/testing/environments/latest.yml b/testing/environments/latest.yml index 59dde477bedf..92ed7c91d5b1 100644 --- a/testing/environments/latest.yml +++ b/testing/environments/latest.yml @@ -14,6 +14,10 @@ services: - "transport.host=127.0.0.1" - "http.host=0.0.0.0" - "xpack.security.enabled=false" + - "script.context.template.max_compilations_rate=unlimited" + - "script.context.ingest.cache_max_size=2000" + - "script.context.processor_conditional.cache_max_size=2000" + - "script.context.template.cache_max_size=2000" logstash: image: docker.elastic.co/logstash/logstash:7.9.0 
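Review bot: The first added entry in the testing/environments/latest.yml hunk, `script.context.template.max_compilations_rate=unlimited`, lifts the script-compilation rate limit for the template context rather than enlarging a cache, so it goes beyond the commit subject "Increase ES cache size" and should be named in the description. None of the four new settings has a comment saying why the test cluster needs them. If the reason is that the module ingest pipelines exceed the default script cache and compile rate, a line such as `# test-only: module pipelines exceed the default script cache/compile rate; do not copy to production` above them would record it, since an unlimited compile rate removes a guard against script-compilation load. The same four lines are added to testing/environments/snapshot.yml in the next hunk, and the note applies there too. The settings list starts above the hunk, so the service these entries belong to is inferred from the commit subject.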
diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 9d3555d78546..4f15ba5582fa 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -15,6 +15,10 @@ services: - "http.host=0.0.0.0" - "xpack.security.enabled=false" - "indices.id_field_data.enabled=true" + - "script.context.template.max_compilations_rate=unlimited" + - "script.context.ingest.cache_max_size=2000" + - "script.context.processor_conditional.cache_max_size=2000" + - "script.context.template.cache_max_size=2000" logstash: image: docker.elastic.co/logstash/logstash@sha256:e01cf165142edf8d67485115b938c94deeda66153e9516aa2ce69ee417c5fc33 From 5dc108fe5519d8742a124f474e3faa71c9bd4e00 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Thu, 19 Nov 2020 14:08:24 -0700 Subject: [PATCH 13/14] move Increase ES cache size change into a separate PR --- testing/environments/latest.yml | 4 ---- testing/environments/snapshot.yml | 4 ---- 2 files changed, 8 deletions(-) diff --git a/testing/environments/latest.yml b/testing/environments/latest.yml index 92ed7c91d5b1..59dde477bedf 100644 --- a/testing/environments/latest.yml +++ b/testing/environments/latest.yml @@ -14,10 +14,6 @@ services: - "transport.host=127.0.0.1" - "http.host=0.0.0.0" - "xpack.security.enabled=false" - - "script.context.template.max_compilations_rate=unlimited" - - "script.context.ingest.cache_max_size=2000" - - "script.context.processor_conditional.cache_max_size=2000" - - "script.context.template.cache_max_size=2000" logstash: image: docker.elastic.co/logstash/logstash:7.9.0 diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 4f15ba5582fa..9d3555d78546 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml 
@@ -15,10 +15,6 @@ services: - "http.host=0.0.0.0" - "xpack.security.enabled=false" - "indices.id_field_data.enabled=true" - - "script.context.template.max_compilations_rate=unlimited" - - "script.context.ingest.cache_max_size=2000" - - "script.context.processor_conditional.cache_max_size=2000" - - "script.context.template.cache_max_size=2000" logstash: image: docker.elastic.co/logstash/logstash@sha256:e01cf165142edf8d67485115b938c94deeda66153e9516aa2ce69ee417c5fc33 From 6f9bc3af31802370d2d1acd9a67557002b134241 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 24 Nov 2020 07:51:29 -0700 Subject: [PATCH 14/14] fix typo --- x-pack/filebeat/module/gcp/firewall/config/pipeline.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js index f9f899197030..ef184bc8620f 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js @@ -189,7 +189,7 @@ function FirewallProcessor(keep_original_message, debug) { fail_on_error: false })); - // Set network.transport from iana_number. googlecloud Firewall only supports + // Set network.transport from iana_number. GCP Firewall only supports // logging of tcp and udp connections, added icmp just in case as it's the // other protocol supported by firewall rules. builder.Add("transportFromIANA", makeMapper({