From e3e839059d9209f467dfeda066629b7e426359f8 Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Thu, 1 Nov 2018 14:29:27 -0400 Subject: [PATCH 01/11] Add CheckRemoved6xSettings and CheckRemoved6xSettings Add new methods to verify obsolete configuration for 7.0, added missing test for them. --- filebeat/channel/factory.go | 3 - libbeat/common/cfgwarn/removed.go | 27 ++++- libbeat/common/cfgwarn/removed_test.go | 146 +++++++++++++++++++++++++ 3 files changed, 169 insertions(+), 7 deletions(-) create mode 100644 libbeat/common/cfgwarn/removed_test.go diff --git a/filebeat/channel/factory.go b/filebeat/channel/factory.go index 86db045c84f9..5222ccba826f 100644 --- a/filebeat/channel/factory.go +++ b/filebeat/channel/factory.go @@ -110,9 +110,6 @@ func (f *OutletFactory) Create(p beat.Pipeline, cfg *common.Config, dynFields *c } } if config.Type != "" { - fields["prospector"] = common.MapStr{ - "type": config.Type, - } fields["input"] = common.MapStr{ "type": config.Type, } diff --git a/libbeat/common/cfgwarn/removed.go b/libbeat/common/cfgwarn/removed.go index ba11bcb67ce5..769f7b98c544 100644 --- a/libbeat/common/cfgwarn/removed.go +++ b/libbeat/common/cfgwarn/removed.go @@ -26,10 +26,10 @@ import ( "github.com/elastic/beats/libbeat/common" ) -func CheckRemoved5xSettings(cfg *common.Config, settings ...string) error { +func checkRemovedSettings(cfg *common.Config, settings ...string) error { var errs multierror.Errors for _, setting := range settings { - if err := CheckRemoved5xSetting(cfg, setting); err != nil { + if err := checkRemovedSetting(cfg, setting); err != nil { errs = append(errs, err) } } 
@@ -37,8 +37,7 @@ func CheckRemoved5xSettings(cfg *common.Config, settings ...string) error { return errs.Err() } -// CheckRemoved5xSetting prints a warning if the obsolete setting is used. -func CheckRemoved5xSetting(cfg *common.Config, setting string) error { +func checkRemovedSetting(cfg *common.Config, setting string) error { segments := strings.Split(setting, ".") L := len(segments) @@ -64,3 +63,23 @@ func CheckRemoved5xSetting(cfg *common.Config, setting string) error { return fmt.Errorf("setting '%v' has been removed", current.PathOf(name)) } + +// CheckRemoved5xSettings prints a warning if the obsolete setting is used. +func CheckRemoved5xSettings(cfg *common.Config, settings ...string) error { + return checkRemovedSettings(cfg, settings...) +} + +// CheckRemoved5xSetting prints a warning if the obsolete setting is used. +func CheckRemoved5xSetting(cfg *common.Config, setting string) error { + return checkRemovedSetting(cfg, setting) +} + +// CheckRemoved6xSettings prints a warning if the obsolete setting is used. +func CheckRemoved6xSettings(cfg *common.Config, settings ...string) error { + return checkRemovedSettings(cfg, settings...) +} + +// CheckRemoved6xSetting prints a warning if the obsolete setting is used. +func CheckRemoved6xSetting(cfg *common.Config, setting string) error { + return checkRemovedSetting(cfg, setting) +} diff --git a/libbeat/common/cfgwarn/removed_test.go b/libbeat/common/cfgwarn/removed_test.go new file mode 100644 index 000000000000..7fb1cf070823 --- /dev/null +++ b/libbeat/common/cfgwarn/removed_test.go 
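Review bot: The doc comments on the four exported wrappers added at the end of removed.go say the function "prints a warning", but each one only returns the error from `checkRemovedSetting`/`checkRemovedSettings`, and nothing visible here logs anything, so a caller that drops the return value gets no signal at all. I would describe what the code does, for example `// CheckRemoved6xSettings returns an error naming every setting in settings that is still present in cfg; these settings were removed in 7.0.`, with the singular wording on `CheckRemoved6xSetting`. The preceding hunk also removes the only comment from `checkRemovedSetting`. Since the 5.x and 6.x wrappers are now identical pass-throughs, that helper is the place to document the lookup rules (how a dotted path is resolved, what counts as present). Most of the helper's body lies outside the hunks, so the comment text should be checked against it.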
@@ -0,0 +1,146 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package cfgwarn + +import ( + "errors" + "testing" + + "github.com/joeshaw/multierror" + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/libbeat/common" +) + +func TestRemovedSetting(t *testing.T) { + tests := []struct { + name string + cfg *common.Config + lookup string + expected error + }{ + { + name: "no obsolete setting", + lookup: "notfound", + cfg: common.MustNewConfigFrom(map[string]interface{}{ + "hello.world": "ok", + }), + expected: nil, + }, + { + name: "obsolete setting found", + lookup: "hello", + cfg: common.MustNewConfigFrom(map[string]interface{}{ + "hello.world": "ok", + }), + expected: errors.New("setting 'hello' has been removed"), + }, + { + name: "obsolete setting found", + lookup: "not.hello", + cfg: common.MustNewConfigFrom(map[string]interface{}{ + "hello.world": "ok", + }), + expected: errors.New("setting 'hello' has been removed"), + }, + } + + functions := []struct { + name string + fn func(*common.Config, string) error + }{ + {name: "checkRemovedSetting", fn: checkRemovedSetting}, + {name: "checkRemoved6xSetting", fn: CheckRemoved6xSetting}, + } + + for _, function := range functions { + t.Run(function.name, 
func(t *testing.T) { + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + err := function.fn(test.cfg, test.lookup) + assert.Equal(t, test.expected, err) + }) + } + }) + } +} + +func TestRemovedSettings(t *testing.T) { + tests := []struct { + name string + cfg *common.Config + lookup []string + expected error + }{ + { + name: "no obsolete setting", + lookup: []string{"notfound"}, + cfg: common.MustNewConfigFrom(map[string]interface{}{ + "hello.world": "ok", + }), + expected: nil, + }, + { + name: "obsolete setting found", + lookup: []string{"hello"}, + cfg: common.MustNewConfigFrom(map[string]interface{}{ + "hello.world": "ok", + }), + expected: multierror.Errors{errors.New("setting 'hello' has been removed")}.Err(), + }, + { + name: "obsolete setting found", + lookup: []string{"not.hello"}, + cfg: common.MustNewConfigFrom(map[string]interface{}{ + "hello.world": "ok", + }), + expected: multierror.Errors{errors.New("setting 'hello' has been removed")}.Err(), + }, + { + name: "multiple obsolete settings", + lookup: []string{"not.hello", "bad"}, + cfg: common.MustNewConfigFrom(map[string]interface{}{ + "hello.world": "ok", + "bad": "true", + }), + expected: multierror.Errors{ + errors.New("setting 'hello' has been removed"), + errors.New("setting 'bad' has been removed"), + }.Err(), + }, + } + + functions := []struct { + name string + fn func(*common.Config, ...string) error + }{ + {name: "checkRemovedSetting", fn: checkRemovedSettings}, + {name: "checkRemoved6xSetting", fn: CheckRemoved6xSettings}, + } + + for _, function := range functions { + t.Run(function.name, func(t *testing.T) { + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + err := checkRemovedSettings(test.cfg, test.lookup...) + assert.Equal(t, test.expected, err) + }) + } + }) + } +} From 03199767e77d91f2bfec1ec2a9a6e689a499d718 Mon Sep 17 00:00:00 2001 
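Review bot: In TestRemovedSettings the inner subtest calls `checkRemovedSettings(test.cfg, test.lookup...)` directly instead of `function.fn(test.cfg, test.lookup...)`, so the `CheckRemoved6xSettings` row runs the unexported helper a second time and the exported function is never exercised. The rows in that function table are also labelled `checkRemovedSetting`/`checkRemoved6xSetting` although they hold the plural functions, and two cases in each table share the name "obsolete setting found", which makes `-run` filters and failure output ambiguous. Separately, the `not.hello` case expects `setting 'hello' has been removed` for a config that has no `not` key. If that is intended it deserves a comment, because it appears to mean a dotted path falls back to matching its last segment at the top level, so a check for a nested removed key could flag an unrelated key or miss the nested one. A case whose config really contains the nested key would pin the intended behaviour.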
From: Pier-Hugues Pellerin Date: Thu, 1 Nov 2018 15:59:52 -0400 Subject: [PATCH 02/11] Remove the prospector option in the configuration. In 6.3 we have deprecated the usage of the 'prospector' options, in 7.0 its now obsolete. This commit does the following: - Remove any backward compatibility fixes. - Add warning when using the prospector key in configuration. - Remove any usage of prospector in tests. - Remove any usage or prospector in module expectation files. - Adjust any integration tests to not check for prospector.type. - Remove the prospector type from the fields. - Remove any shims created by the prospector package. --- filebeat/Makefile | 2 +- filebeat/_meta/fields.common.yml | 7 - filebeat/beater/filebeat.go | 16 +- filebeat/config/config.go | 10 - filebeat/docs/fields.asciidoc | 13 - .../inputs/input-common-file-options.asciidoc | 4 +- .../input-common-harvester-options.asciidoc | 2 +- filebeat/fileset/config.go | 18 +- filebeat/fileset/config_test.go | 36 - filebeat/fileset/factory.go | 2 +- filebeat/fileset/fileset.go | 10 +- filebeat/fileset/modules_test.go | 21 - filebeat/include/fields.go | 2 +- filebeat/input/docker/config.go | 2 +- filebeat/input/log/config.go | 2 +- .../access/test/test.log-expected.json | 138 ++-- .../apache2/error/test/test.log-expected.json | 65 +- .../auditd/log/test/test.log-expected.json | 98 ++- .../audit/test/test.log-expected.json | 189 ++--- .../elasticsearch/deprecation/manifest.yml | 2 +- .../gc/test/test.log-expected.json | 105 ++- .../module/elasticsearch/server/manifest.yml | 2 +- .../server/test/test.log-expected.json | 493 ++++++----- .../slowlog/test/test.log-expected.json | 240 +++--- .../log/test/default.log-expected.json | 39 +- .../log/test/haproxy.log-expected.json | 75 +- .../haproxy/log/test/tcplog.log-expected.json | 53 +- .../icinga/debug/test/test.log-expected.json | 57 +- .../icinga/main/test/test.log-expected.json | 59 +- .../startup/test/test.log-expected.json | 38 +- 
.../iis/access/test/test.log-expected.json | 203 +++-- .../iis/error/test/test.log-expected.json | 166 ++-- .../log/test/controller.log-expected.json | 498 ++++++----- .../kafka/log/test/server.log-expected.json | 498 ++++++----- .../test/state-change-1.1.0.log-expected.json | 23 +- .../test/state-change-2.0.0.log-expected.json | 25 +- .../log/test/state-change.log-expected.json | 23 +- filebeat/module/kibana/log/manifest.yml | 2 +- .../kibana/log/test/test.log-expected.json | 111 ++- .../log/test/logstash-plain.log-expected.json | 40 +- .../test/slowlog-plain.log-expected.json | 31 +- .../mongodb-debian-3.2.11.log-expected.json | 780 +++++++++--------- .../nginx/access/test/test.log-expected.json | 383 +++++---- .../nginx/error/test/error.log-expected.json | 46 +- .../result/test/test.log-expected.json | 53 +- ...-9.6-debian-with-slowlog.log-expected.json | 538 ++++++------ .../redis/log/test/test.log-expected.json | 64 +- .../system/auth/test/test.log-expected.json | 262 +++--- .../darwin-syslog-sample.log-expected.json | 59 +- .../access/test/test.log-expected.json | 100 ++- filebeat/prospector/prospector.go | 54 -- filebeat/registrar/registrar.go | 2 +- filebeat/scripts/generate_imports_helper.py | 12 +- filebeat/tests/files/config.yml | 2 +- filebeat/tests/files/config2.yml | 2 +- filebeat/tests/load/filebeat.yml | 2 +- .../tests/open-file-handlers/filebeat.yml | 2 +- filebeat/tests/system/test_base.py | 1 - filebeat/tests/system/test_deprecated.py | 80 -- filebeat/tests/system/test_redis.py | 1 - filebeat/tests/system/test_syslog.py | 1 - filebeat/tests/system/test_tcp.py | 1 - filebeat/tests/system/test_tcp_tls.py | 1 - filebeat/tests/system/test_udp.py | 1 - 64 files changed, 2717 insertions(+), 3150 deletions(-) delete mode 100644 filebeat/prospector/prospector.go diff --git a/filebeat/Makefile b/filebeat/Makefile index 12f54bcbc95b..6e0bd3fe9792 100644 --- a/filebeat/Makefile +++ b/filebeat/Makefile 
@@ -34,7 +34,7 @@ collect-docs: python-env @mkdir -p docs/modules @${PYTHON_ENV}/bin/python ${ES_BEATS}/filebeat/scripts/docs_collector.py --beat ${BEAT_NAME} -# Generate imports for prospectors +# Generate inputs for prospectors .PHONY: imports imports: python-env @mkdir -p include diff --git a/filebeat/_meta/fields.common.yml b/filebeat/_meta/fields.common.yml index 62b5854c2ede..a5a16316f69b 100644 --- a/filebeat/_meta/fields.common.yml +++ b/filebeat/_meta/fields.common.yml @@ -29,13 +29,6 @@ description: > Log stream when reading container logs, can be 'stdout' or 'stderr' - - name: prospector.type - required: true - deprecated: 6.3 - description: > - The input type from which the event was generated. This field is set to the value specified - for the `type` option in the input section of the Filebeat config file. (DEPRECATED: see `input.type`) - - name: input.type required: true description: > diff --git a/filebeat/beater/filebeat.go b/filebeat/beater/filebeat.go index f057cf5c1caf..06b4b00b20a5 100644 --- a/filebeat/beater/filebeat.go +++ b/filebeat/beater/filebeat.go 
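Review bot: The reworded comment `# Generate inputs for prospectors` replaced the wrong word: the target below it is still `imports`, and `prospectors` is the term this commit is removing. It should read `# Generate imports for inputs`.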
@@ -77,20 +77,8 @@ func New(b *beat.Beat, rawConfig *common.Config) (beat.Beater, error) { return nil, err } - if len(config.Prospectors) > 0 { - cfgwarn.Deprecate("7.0.0", "prospectors are deprecated, Use `inputs` instead.") - if len(config.Inputs) > 0 { - return nil, fmt.Errorf("prospectors and inputs used in the configuration file, define only inputs not both") - } - config.Inputs = config.Prospectors - } - - if config.ConfigProspector != nil { - cfgwarn.Deprecate("7.0.0", "config.prospectors are deprecated, Use `config.inputs` instead.") - if config.ConfigInput != nil { - return nil, fmt.Errorf("config.prospectors and config.inputs used in the configuration file, define only config.inputs not both") - } - config.ConfigInput = config.ConfigProspector + if err := cfgwarn.CheckRemoved6xSettings(rawConfig, "prospectors", "config.prospectors"); err != nil { + return nil, err } moduleRegistry, err := fileset.NewModuleRegistry(config.Modules, b.Info.Version, true) diff --git a/filebeat/config/config.go b/filebeat/config/config.go index a1212fb4b6c9..748208f864a9 100644 --- a/filebeat/config/config.go +++ b/filebeat/config/config.go @@ -40,7 +40,6 @@ const ( type Config struct { Inputs []*common.Config `config:"inputs"` - Prospectors []*common.Config `config:"prospectors"` RegistryFile string `config:"registry_file"` RegistryFilePermissions os.FileMode `config:"registry_file_permissions"` RegistryFlush time.Duration `config:"registry_flush"` @@ -48,7 +47,6 @@ type Config struct { ShutdownTimeout time.Duration `config:"shutdown_timeout"` Modules []*common.Config `config:"modules"` ConfigInput *common.Config `config:"config.inputs"` - ConfigProspector *common.Config `config:"config.prospectors"` ConfigModules *common.Config `config:"config.modules"` Autodiscover *autodiscover.Config `config:"autodiscover"` OverwritePipelines bool `config:"overwrite_pipelines"` 
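Review bot: The new `cfgwarn.CheckRemoved6xSettings(rawConfig, "prospectors", "config.prospectors")` call in New replaces two explicit struct checks with a dotted-path lookup, and none of the visible hunks tests that the nested `config.prospectors` path is actually detected on `rawConfig`. The cases added in removed_test.go only cover a dotted lookup whose parent key is absent, so a mistake here would fail open: the obsolete key would be ignored, Filebeat would start, and the inputs the operator believed were configured would not be collected. A test that passes a config holding `config.prospectors` and asserts the returned error would close that gap. The check also runs after the unpack error return visible at the top of the hunk. If it is meant to be the first error an operator sees, it could move above the unpack, as NewFilesetConfig does in fileset/config.go; the start of New is outside the hunk.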
@@ -106,14 +104,6 @@ func mergeConfigFiles(configFiles []string, config *Config) error { return fmt.Errorf("Failed to read %s: %s", file, err) } - if len(tmpConfig.Filebeat.Prospectors) > 0 { - cfgwarn.Deprecate("7.0.0", "prospectors are deprecated, Use `inputs` instead.") - if len(tmpConfig.Filebeat.Inputs) > 0 { - return fmt.Errorf("prospectors and inputs used in the configuration file, define only inputs not both") - } - tmpConfig.Filebeat.Inputs = append(tmpConfig.Filebeat.Inputs, tmpConfig.Filebeat.Prospectors...) - } - config.Inputs = append(config.Inputs, tmpConfig.Filebeat.Inputs...) } diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 02a699966674..b83f3b90901a 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -4669,19 +4669,6 @@ required: False Log stream when reading container logs, can be 'stdout' or 'stderr' --- - -*`prospector.type`*:: -+ --- - -deprecated[6.3] - -required: True - -The input type from which the event was generated. This field is set to the value specified for the `type` option in the input section of the Filebeat config file. (DEPRECATED: see `input.type`) - - -- *`input.type`*:: diff --git a/filebeat/docs/inputs/input-common-file-options.asciidoc b/filebeat/docs/inputs/input-common-file-options.asciidoc index ee663f7e47aa..2cbf3b8111fe 100644 --- a/filebeat/docs/inputs/input-common-file-options.asciidoc +++ b/filebeat/docs/inputs/input-common-file-options.asciidoc @@ -1,5 +1,5 @@ ////////////////////////////////////////////////////////////////////////// -//// This content is shared by Filebeat inputs that use the prospector +//// This content is shared by Filebeat inputs that use the input //// to process files on disk (includes options for managing physical files) //// If you add IDs to sections, make sure you use attributes to create //// unique IDs for each input that includes this file. Use the format: 
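Review bot: The third config.go hunk removes the `prospectors` handling from mergeConfigFiles without adding a removed-setting check in its place. A file in the config directory that still uses `filebeat.prospectors` would then appear to merge successfully while its inputs are dropped, presumably because the `Prospectors` field is gone from Config and the key is no longer unpacked. As far as the visible hunks show, New only checks `rawConfig`, which does not obviously include these extra files. Unless they are validated outside the hunk, returning an error here would keep the behaviour consistent with New, for example by running `cfgwarn.CheckRemoved6xSettings` on each file's config before it is unpacked into `tmpConfig`. mergeConfigFiles starts and ends outside the hunk, so the exact value to check is not visible.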
@@ -94,7 +94,7 @@ harvester is started and the latest changes will be picked up after We recommended that you set `close_inactive` to a value that is larger than the least frequent updates to your log files. For example, if your log files get updated every few seconds, you can safely set `close_inactive` to `1m`. If there -are log files with very different update rates, you can use multiple +are log files with very different update rates, you can use multiple configurations with different values. Setting `close_inactive` to a lower value means that file handles are closed diff --git a/filebeat/docs/inputs/input-common-harvester-options.asciidoc b/filebeat/docs/inputs/input-common-harvester-options.asciidoc index c8722ff1568b..b9fa634b4cb6 100644 --- a/filebeat/docs/inputs/input-common-harvester-options.asciidoc +++ b/filebeat/docs/inputs/input-common-harvester-options.asciidoc @@ -1,5 +1,5 @@ ////////////////////////////////////////////////////////////////////////// -//// This content is shared by Filebeat inputs that use the prospector +//// This content is shared by Filebeat inputs that use the input //// but do not process files (the options for managing files //// on disk are not relevant) //// If you add IDs to sections, make sure you use attributes to create diff --git a/filebeat/fileset/config.go b/filebeat/fileset/config.go index b3a94cf57534..8a121ee371e7 100644 --- a/filebeat/fileset/config.go +++ b/filebeat/fileset/config.go 
@@ -35,26 +35,22 @@ type ModuleConfig struct { // FilesetConfig contains the configuration file options for a fileset type FilesetConfig struct { - Enabled *bool `config:"enabled"` - Var map[string]interface{} `config:"var"` - Input map[string]interface{} `config:"input"` - Prospector map[string]interface{} `config:"prospector"` + Enabled *bool `config:"enabled"` + Var map[string]interface{} `config:"var"` + Input map[string]interface{} `config:"input"` } // NewFilesetConfig creates a new FilesetConfig from a common.Config. func NewFilesetConfig(cfg *common.Config) (*FilesetConfig, error) { + if err := cfgwarn.CheckRemoved6xSetting(cfg, "prospector"); err != nil { + return nil, err + } + var fcfg FilesetConfig err := cfg.Unpack(&fcfg) if err != nil { return nil, fmt.Errorf("error unpacking configuration") } - if len(fcfg.Prospector) > 0 { - cfgwarn.Deprecate("7.0.0", "prospector is deprecated. Use `input` instead.") - if len(fcfg.Input) > 0 { - return nil, fmt.Errorf("error prospector and input are defined in the fileset, use only input") - } - fcfg.Input = fcfg.Prospector - } return &fcfg, nil } diff --git a/filebeat/fileset/config_test.go b/filebeat/fileset/config_test.go index 245b86c4899d..78a1f6f5edd7 100644 --- a/filebeat/fileset/config_test.go +++ b/filebeat/fileset/config_test.go @@ -25,23 +25,6 @@ import ( "github.com/elastic/beats/libbeat/common" ) -func TestProspectorDeprecation(t *testing.T) { - cfg := map[string]interface{}{ - "enabled": true, - "prospector": map[string]interface{}{ - "close_eof": true, - }, - } - - c, err := common.NewConfigFrom(cfg) - assert.NoError(t, err) - - f, err := NewFilesetConfig(c) - if assert.NoError(t, err) { - assert.Equal(t, f.Input["close_eof"], true) - } -} - func TestInputSettings(t *testing.T) { cfg := map[string]interface{}{ "enabled": true, 
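Review bot: NewFilesetConfig now rejects a `prospector` key, but no visible test asserts the new error. The test changes shown only delete TestProspectorDeprecation and TestProspectorDeprecationWhenInputIsAlsoDefined (config_test.go) and the "prospector overrides" case (modules_test.go). A replacement test that builds a config containing `prospector` and expects `assert.Error(t, err)` from `NewFilesetConfig` would keep the hard failure from regressing into a silently ignored key. The same gap applies to the `prospector` check added to newManifest in fileset/fileset.go.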
@@ -56,24 +39,5 @@ func TestInputSettings(t *testing.T) { f, err := NewFilesetConfig(c) if assert.NoError(t, err) { assert.Equal(t, f.Input["close_eof"], true) - assert.Nil(t, f.Prospector) } } - -func TestProspectorDeprecationWhenInputIsAlsoDefined(t *testing.T) { - cfg := map[string]interface{}{ - "enabled": true, - "input": map[string]interface{}{ - "close_eof": true, - }, - "prospector": map[string]interface{}{ - "close_eof": true, - }, - } - - c, err := common.NewConfigFrom(cfg) - assert.NoError(t, err) - - _, err = NewFilesetConfig(c) - assert.Error(t, err, "error prospector and input are defined in the fileset, use only input") -} diff --git a/filebeat/fileset/factory.go b/filebeat/fileset/factory.go index 47d94c1e3c1c..bba19f2969d7 100644 --- a/filebeat/fileset/factory.go +++ b/filebeat/fileset/factory.go @@ -21,7 +21,7 @@ import ( "github.com/gofrs/uuid" "github.com/elastic/beats/filebeat/channel" - input "github.com/elastic/beats/filebeat/prospector" + "github.com/elastic/beats/filebeat/input" "github.com/elastic/beats/filebeat/registrar" "github.com/elastic/beats/libbeat/beat" "github.com/elastic/beats/libbeat/cfgfile" diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go index 49c2b2a542e4..27646ca34b20 100644 --- a/filebeat/fileset/fileset.go +++ b/filebeat/fileset/fileset.go @@ -34,6 +34,7 @@ import ( "text/template" "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/common/cfgwarn" "github.com/elastic/beats/libbeat/logp" mlimporter "github.com/elastic/beats/libbeat/ml-importer" ) @@ -102,7 +103,6 @@ type manifest struct { Vars []map[string]interface{} `config:"var"` IngestPipeline string `config:"ingest_pipeline"` Input string `config:"input"` - Prospector string `config:"prospector"` MachineLearning []struct { Name string `config:"name"` Job string `config:"job"` 
@@ -115,14 +115,16 @@ type manifest struct { } func newManifest(cfg *common.Config) (*manifest, error) { + if err := cfgwarn.CheckRemoved6xSetting(cfg, "prospector"); err != nil { + return nil, err + } + var manifest manifest err := cfg.Unpack(&manifest) if err != nil { return nil, err } - if manifest.Prospector != "" { - manifest.Input = manifest.Prospector - } + return &manifest, nil } diff --git a/filebeat/fileset/modules_test.go b/filebeat/fileset/modules_test.go index 2eaba031081d..9a867f1b5d17 100644 --- a/filebeat/fileset/modules_test.go +++ b/filebeat/fileset/modules_test.go @@ -185,27 +185,6 @@ func TestApplyOverrides(t *testing.T) { }, }, }, - { - name: "prospector overrides", - fcfg: FilesetConfig{}, - module: "nginx", - fileset: "access", - overrides: &ModuleOverrides{ - "nginx": map[string]*common.Config{ - "access": load(t, map[string]interface{}{ - "prospector.close_eof": true, - }), - }, - }, - expected: FilesetConfig{ - Input: map[string]interface{}{ - "close_eof": true, - }, - Prospector: map[string]interface{}{ - "close_eof": true, - }, - }, - }, { name: "input overrides", fcfg: FilesetConfig{}, diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index 592f4286f118..aad5554dd275 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go @@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "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" + return "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" } diff --git a/filebeat/input/docker/config.go b/filebeat/input/docker/config.go index 73fdd4b70bd7..ddd5c1ac6290 100644 --- a/filebeat/input/docker/config.go +++ b/filebeat/input/docker/config.go 
@@ -29,7 +29,7 @@ var defaultConfig = config{ type config struct { Containers containers `config:"containers"` - // Partial configures the prospector to join partial lines + // Partial configures the input to join partial lines Partial bool `config:"combine_partials"` // Enable CRI flags parsing (to be switched to default in 7.0) diff --git a/filebeat/input/log/config.go b/filebeat/input/log/config.go index 12ebaa5ebd4b..234da58cc954 100644 --- a/filebeat/input/log/config.go +++ b/filebeat/input/log/config.go @@ -145,7 +145,7 @@ var ValidScanSort = map[string]struct{}{ } func (c *config) Validate() error { - // DEPRECATED 6.0.0: warning is already outputted on prospector level + // DEPRECATED 6.0.0: warning is already outputted on input level if c.InputType != "" { c.Type = c.InputType } diff --git a/filebeat/module/apache2/access/test/test.log-expected.json b/filebeat/module/apache2/access/test/test.log-expected.json index 83f1ab65c29b..72adc8faf1ca 100644 --- a/filebeat/module/apache2/access/test/test.log-expected.json +++ b/filebeat/module/apache2/access/test/test.log-expected.json 
@@ -1,77 +1,73 @@ [ { - "@timestamp": "2016-12-26T14:16:29.000Z", - "apache2.access.body_sent.bytes": "209", - "apache2.access.http_version": "1.1", - "apache2.access.method": "GET", - "apache2.access.remote_ip": "::1", - "apache2.access.response_code": "404", - "apache2.access.url": "/favicon.ico", - "apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", - "offset": 0, - "prospector.type": "log" - }, + "@timestamp": "2016-12-26T14:16:29.000Z", + "apache2.access.body_sent.bytes": "209", + "apache2.access.http_version": "1.1", + "apache2.access.method": "GET", + "apache2.access.remote_ip": "::1", + "apache2.access.response_code": "404", + "apache2.access.url": "/favicon.ico", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", + "offset": 0 + }, { - "@timestamp": "2016-12-26T16:22:13.000Z", - "apache2.access.body_sent.bytes": "499", - "apache2.access.http_version": "1.1", - "apache2.access.method": "GET", - "apache2.access.referrer": "-", - "apache2.access.remote_ip": "192.168.33.1", - "apache2.access.response_code": "404", - "apache2.access.url": "/hello", - "apache2.access.user_agent.device": "Other", - "apache2.access.user_agent.major": "50", - "apache2.access.user_agent.minor": "0", - "apache2.access.user_agent.name": "Firefox", - "apache2.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", - "apache2.access.user_agent.os": "Mac OS X 10.12", - "apache2.access.user_agent.os_major": "10", - "apache2.access.user_agent.os_minor": "12", - "apache2.access.user_agent.os_name": "Mac OS X", - "apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", - "offset": 73, - "prospector.type": "log" - }, + "@timestamp": "2016-12-26T16:22:13.000Z", + "apache2.access.body_sent.bytes": "499", + "apache2.access.http_version": "1.1", + 
"apache2.access.method": "GET", + "apache2.access.referrer": "-", + "apache2.access.remote_ip": "192.168.33.1", + "apache2.access.response_code": "404", + "apache2.access.url": "/hello", + "apache2.access.user_agent.device": "Other", + "apache2.access.user_agent.major": "50", + "apache2.access.user_agent.minor": "0", + "apache2.access.user_agent.name": "Firefox", + "apache2.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", + "apache2.access.user_agent.os": "Mac OS X 10.12", + "apache2.access.user_agent.os_major": "10", + "apache2.access.user_agent.os_minor": "12", + "apache2.access.user_agent.os_name": "Mac OS X", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", + "offset": 73 + }, { - "@timestamp": "2016-12-26T14:16:48.000Z", - "apache2.access.remote_ip": "::1", - "apache2.access.response_code": "408", - "apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", - "offset": 238, - "prospector.type": "log" - }, + "@timestamp": "2016-12-26T14:16:48.000Z", + "apache2.access.remote_ip": "::1", + "apache2.access.response_code": "408", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", + "offset": 238 + }, { - "@timestamp": "2017-05-29T19:02:48.000Z", - "apache2.access.body_sent.bytes": "612", - "apache2.access.http_version": "1.1", - "apache2.access.method": "GET", - "apache2.access.referrer": "-", - "apache2.access.remote_ip": "172.17.0.1", - "apache2.access.response_code": "404", - "apache2.access.url": "/stringpatch", - "apache2.access.user_agent.device": "Other", - "apache2.access.user_agent.major": "15", - "apache2.access.user_agent.minor": "0", - "apache2.access.user_agent.name": "Firefox Alpha", - "apache2.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", - 
"apache2.access.user_agent.os": "Windows 7", - "apache2.access.user_agent.os_name": "Windows 7", - "apache2.access.user_agent.patch": "a2", - "apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", - "offset": 285, - "prospector.type": "log" + "@timestamp": "2017-05-29T19:02:48.000Z", + "apache2.access.body_sent.bytes": "612", + "apache2.access.http_version": "1.1", + "apache2.access.method": "GET", + "apache2.access.referrer": "-", + "apache2.access.remote_ip": "172.17.0.1", + "apache2.access.response_code": "404", + "apache2.access.url": "/stringpatch", + "apache2.access.user_agent.device": "Other", + "apache2.access.user_agent.major": "15", + "apache2.access.user_agent.minor": "0", + "apache2.access.user_agent.name": "Firefox Alpha", + "apache2.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", + "apache2.access.user_agent.os": "Windows 7", + "apache2.access.user_agent.os_name": "Windows 7", + "apache2.access.user_agent.patch": "a2", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", + "offset": 285 } -] \ No newline at end of file +] diff --git a/filebeat/module/apache2/error/test/test.log-expected.json b/filebeat/module/apache2/error/test/test.log-expected.json index 96d611064654..160c53716813 100644 --- a/filebeat/module/apache2/error/test/test.log-expected.json +++ b/filebeat/module/apache2/error/test/test.log-expected.json 
@@ -1,39 +1,36 @@ [ { - "@timestamp": "2016-12-26T16:22:08.000Z", - "apache2.error.client": "192.168.33.1", - "apache2.error.level": "error", - "apache2.error.message": "File does not exist: /var/www/favicon.ico", - "fileset.module": "apache2", - "fileset.name": "error", - "input.type": "log", - "offset": 0, - "prospector.type": "log" - }, + "@timestamp": "2016-12-26T16:22:08.000Z", + "apache2.error.client": "192.168.33.1", + "apache2.error.level": "error", + "apache2.error.message": "File does not exist: /var/www/favicon.ico", + "fileset.module": "apache2", + "fileset.name": "error", + "input.type": "log", + "offset": 0 + }, { - "@timestamp": "2016-12-26T16:15:55.103Z", - "apache2.error.level": "notice", - "apache2.error.message": "AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", - "apache2.error.module": "core", - "apache2.error.pid": "11379", - "fileset.module": "apache2", - "fileset.name": "error", - "input.type": "log", - "offset": 99, - "prospector.type": "log" - }, + "@timestamp": "2016-12-26T16:15:55.103Z", + "apache2.error.level": "notice", + "apache2.error.message": "AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", + "apache2.error.module": "core", + "apache2.error.pid": "11379", + "fileset.module": "apache2", + "fileset.name": "error", + "input.type": "log", + "offset": 99 + }, { - "@timestamp": "2011-09-09T10:42:29.902Z", - "apache2.error.client": "72.15.99.187", - "apache2.error.level": "error", - "apache2.error.message": "File does not exist: /usr/local/apache2/htdocs/favicon.ico", - "apache2.error.module": "core", - "apache2.error.pid": "35708", - "apache2.error.tid": "4328636416", - "fileset.module": "apache2", - "fileset.name": "error", - "input.type": "log", - "offset": 229, - "prospector.type": "log" + "@timestamp": "2011-09-09T10:42:29.902Z", + "apache2.error.client": "72.15.99.187", + "apache2.error.level": "error", + "apache2.error.message": "File does not exist: 
/usr/local/apache2/htdocs/favicon.ico", + "apache2.error.module": "core", + "apache2.error.pid": "35708", + "apache2.error.tid": "4328636416", + "fileset.module": "apache2", + "fileset.name": "error", + "input.type": "log", + "offset": 229 } -] \ No newline at end of file +] diff --git a/filebeat/module/auditd/log/test/test.log-expected.json b/filebeat/module/auditd/log/test/test.log-expected.json index 4b63b828497f..d51ebce1676d 100644 --- a/filebeat/module/auditd/log/test/test.log-expected.json +++ b/filebeat/module/auditd/log/test/test.log-expected.json 
@@ -1,54 +1,52 @@ [ { - "@timestamp": "2017-01-31T20:17:14.891Z", - "auditd.log.auid": "4294967295", - "auditd.log.dst": "192.168.0.0", - "auditd.log.dst_prefixlen": "16", - "auditd.log.op": "SPD-delete", - "auditd.log.record_type": "MAC_IPSEC_EVENT", - "auditd.log.res": "1", - "auditd.log.sequence": 18877201, - "auditd.log.ses": "4294967295", - "auditd.log.src": "192.168.2.0", - "auditd.log.src_prefixlen": "24", - "fileset.module": "auditd", - "fileset.name": "log", - "input.type": "log", - "offset": 0, - "prospector.type": "log" - }, + "@timestamp": "2017-01-31T20:17:14.891Z", + "auditd.log.auid": "4294967295", + "auditd.log.dst": "192.168.0.0", + "auditd.log.dst_prefixlen": "16", + "auditd.log.op": "SPD-delete", + "auditd.log.record_type": "MAC_IPSEC_EVENT", + "auditd.log.res": "1", + "auditd.log.sequence": 18877201, + "auditd.log.ses": "4294967295", + "auditd.log.src": "192.168.2.0", + "auditd.log.src_prefixlen": "24", + "fileset.module": "auditd", + "fileset.name": "log", + "input.type": "log", + "offset": 0 + }, { - "@timestamp": "2017-01-31T20:17:14.891Z", - "auditd.log.a0": "9", - "auditd.log.a1": "7f564b2672a0", - "auditd.log.a2": "b8", - "auditd.log.a3": "0", - "auditd.log.arch": "x86_64", - "auditd.log.auid": "4294967295", - "auditd.log.comm": "charon", - "auditd.log.egid": "0", - "auditd.log.euid": "0", - "auditd.log.exe": "/usr/libexec/strongswan/charon (deleted)", - "auditd.log.exit": "184", - "auditd.log.fsgid": "0", - "auditd.log.fsuid": "0", - "auditd.log.gid": "0", - "auditd.log.items": "0", - "auditd.log.pid": "1281", - "auditd.log.ppid": "1240", - "auditd.log.record_type": "SYSCALL", - "auditd.log.sequence": 18877199, - "auditd.log.ses": "4294967295", - "auditd.log.sgid": "0", - "auditd.log.success": "yes", - "auditd.log.suid": "0", - "auditd.log.syscall": "44", - "auditd.log.tty": "(none)", - "auditd.log.uid": "0", - "fileset.module": "auditd", - "fileset.name": "log", - "input.type": "log", - "offset": 174, - "prospector.type": "log" + 
"@timestamp": "2017-01-31T20:17:14.891Z", + "auditd.log.a0": "9", + "auditd.log.a1": "7f564b2672a0", + "auditd.log.a2": "b8", + "auditd.log.a3": "0", + "auditd.log.arch": "x86_64", + "auditd.log.auid": "4294967295", + "auditd.log.comm": "charon", + "auditd.log.egid": "0", + "auditd.log.euid": "0", + "auditd.log.exe": "/usr/libexec/strongswan/charon (deleted)", + "auditd.log.exit": "184", + "auditd.log.fsgid": "0", + "auditd.log.fsuid": "0", + "auditd.log.gid": "0", + "auditd.log.items": "0", + "auditd.log.pid": "1281", + "auditd.log.ppid": "1240", + "auditd.log.record_type": "SYSCALL", + "auditd.log.sequence": 18877199, + "auditd.log.ses": "4294967295", + "auditd.log.sgid": "0", + "auditd.log.success": "yes", + "auditd.log.suid": "0", + "auditd.log.syscall": "44", + "auditd.log.tty": "(none)", + "auditd.log.uid": "0", + "fileset.module": "auditd", + "fileset.name": "log", + "input.type": "log", + "offset": 174 } -] \ No newline at end of file +] diff --git a/filebeat/module/elasticsearch/audit/test/test.log-expected.json b/filebeat/module/elasticsearch/audit/test/test.log-expected.json index 77948ecc89fc..9da193b9b8e6 100644 --- a/filebeat/module/elasticsearch/audit/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test.log-expected.json 
@@ -1,114 +1,107 @@ [ { - "@timestamp": "2018-06-19T05:16:15,549", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.principal": "i030648", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", - "offset": 0, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:16:15,549", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "i030648", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", + "offset": 0, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:52,304", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.principal": "rado", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", - "offset": 155, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:07:52,304", + "elasticsearch.audit.event_type": "authentication_failed", + 
"elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.principal": "rado", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", + "offset": 155, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:00:15,778", - "elasticsearch.audit.action": "indices:data/read/scroll/clear", - "elasticsearch.audit.event_type": "access_granted", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "192.168.1.165", - "elasticsearch.audit.origin_type": "local_node", - "elasticsearch.audit.principal": "_xpack_security", - "elasticsearch.audit.request": "ClearScrollRequest", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", - "offset": 306, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:00:15,778", + "elasticsearch.audit.action": "indices:data/read/scroll/clear", + "elasticsearch.audit.event_type": "access_granted", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "192.168.1.165", + "elasticsearch.audit.origin_type": "local_node", + "elasticsearch.audit.principal": "_xpack_security", + "elasticsearch.audit.request": "ClearScrollRequest", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], 
principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", + "offset": 306, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:45,544", - "elasticsearch.audit.event_type": "anonymous_access_denied", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", - "offset": 519, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:07:45,544", + "elasticsearch.audit.event_type": "anonymous_access_denied", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", + "offset": 519, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:26:27,268", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.principal": "N078801", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", - "offset": 654, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:26:27,268", 
+ "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "N078801", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", + "offset": 654, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:55:26,898", - "elasticsearch.audit.action": "cluster:monitor/main", - "elasticsearch.audit.event_type": "access_denied", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.origin_type": "rest", - "elasticsearch.audit.principal": "_anonymous", - "elasticsearch.audit.request": "MainRequest", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", - "offset": 802, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:55:26,898", + "elasticsearch.audit.action": "cluster:monitor/main", + "elasticsearch.audit.event_type": "access_denied", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.origin_type": "rest", + "elasticsearch.audit.principal": "_anonymous", + "elasticsearch.audit.request": "MainRequest", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", + 
"offset": 802, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:24:15,190", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.18.0.3", - "elasticsearch.audit.principal": "elastic", - "elasticsearch.audit.request_body": "body", - "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", - "elasticsearch.node.name": "v_VJhjV", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", - "offset": 986, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:24:15,190", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.18.0.3", + "elasticsearch.audit.principal": "elastic", + "elasticsearch.audit.request_body": "body", + "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", + "elasticsearch.node.name": "v_VJhjV", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", + "offset": 986, "service.name": "elasticsearch" } -] \ No newline at end of file +] diff --git a/filebeat/module/elasticsearch/deprecation/manifest.yml b/filebeat/module/elasticsearch/deprecation/manifest.yml index 63bc20cb74e0..4b84f379cda8 100644 --- a/filebeat/module/elasticsearch/deprecation/manifest.yml 
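Review bot: The events kept on the new side of this fixture still carry values that look like real account names and routable addresses, for example `"elasticsearch.audit.principal": "i030648"` and `"N078801"` with `"elasticsearch.audit.origin_address": "147.107.128.77"`, and regenerating the golden file was the natural moment to replace them. If the sample lines were taken from a production audit log, I would replace those values in the input test.log with constructed placeholders (a principal such as `user1`, an address from the 192.0.2.0/24 documentation range) and regenerate this file. The same question applies to the `*.loganalytics.santanderuk.corp` host names in the elasticsearch server fixture further down, whose hunk continues past this view. Whether any of these values are real cannot be determined from the diff.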
+++ b/filebeat/module/elasticsearch/deprecation/manifest.yml @@ -10,4 +10,4 @@ var: - c:/ProgramData/Elastic/Elasticsearch/logs/*_deprecation.log ingest_pipeline: ingest/pipeline.json -prospector: config/log.yml +input: config/log.yml diff --git a/filebeat/module/elasticsearch/gc/test/test.log-expected.json b/filebeat/module/elasticsearch/gc/test/test.log-expected.json index c9d0621afc95..07f751bc0fa0 100644 --- a/filebeat/module/elasticsearch/gc/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/gc/test/test.log-expected.json 
@@ -1,62 +1,59 @@ [ { - "@timestamp": "2018-03-03T14:37:06.157Z", - "elasticsearch.gc.heap.size_kb": "253440", - "elasticsearch.gc.heap.used_kb": "142444", - "elasticsearch.gc.jvm_runtime_sec": "14597.826", - "elasticsearch.gc.old_gen.size_kb": "174784", - "elasticsearch.gc.old_gen.used_kb": "131804", - "elasticsearch.gc.phase.cpu_time.real_sec": "0.00", - "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", - "elasticsearch.gc.phase.cpu_time.user_sec": "0.01", - "elasticsearch.gc.phase.duration_sec": "0.0021716", - "elasticsearch.gc.phase.name": "CMS Initial Mark", - "fileset.module": "elasticsearch", - "fileset.name": "gc", - "input.type": "log", - "message": "2018-03-03T19:37:06.157+0500: 14597.826: [GC (CMS Initial Mark) [1 CMS-initial-mark: 131804K(174784K)] 142444K(253440K), 0.0021716 secs] [Times: user=0.01 sys=0.00, real=0.00 secs]", - "offset": 0, - "prospector.type": "log", + "@timestamp": "2018-03-03T14:37:06.157Z", + "elasticsearch.gc.heap.size_kb": "253440", + "elasticsearch.gc.heap.used_kb": "142444", + "elasticsearch.gc.jvm_runtime_sec": "14597.826", + "elasticsearch.gc.old_gen.size_kb": "174784", + "elasticsearch.gc.old_gen.used_kb": "131804", + "elasticsearch.gc.phase.cpu_time.real_sec": "0.00", + "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", + "elasticsearch.gc.phase.cpu_time.user_sec": "0.01", + "elasticsearch.gc.phase.duration_sec": "0.0021716", + "elasticsearch.gc.phase.name": "CMS Initial Mark", + "fileset.module": "elasticsearch", + "fileset.name": "gc", + "input.type": "log", + "message": "2018-03-03T19:37:06.157+0500: 14597.826: [GC (CMS Initial Mark) [1 CMS-initial-mark: 131804K(174784K)] 142444K(253440K), 0.0021716 secs] [Times: user=0.01 sys=0.00, real=0.00 secs]", + "offset": 0, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-11T01:53:11.382Z", - "elasticsearch.gc.jvm_runtime_sec": "1396138.752", - "elasticsearch.gc.stopping_threads_time_sec": "0.0000702", - "elasticsearch.gc.threads_total_stop_time_sec": 
"0.0083760", - "fileset.module": "elasticsearch", - "fileset.name": "gc", - "input.type": "log", - "message": "2018-06-11T01:53:11.382+0000: 1396138.752: Total time for which application threads were stopped: 0.0083760 seconds, Stopping threads took: 0.0000702 seconds", - "offset": 181, - "prospector.type": "log", + "@timestamp": "2018-06-11T01:53:11.382Z", + "elasticsearch.gc.jvm_runtime_sec": "1396138.752", + "elasticsearch.gc.stopping_threads_time_sec": "0.0000702", + "elasticsearch.gc.threads_total_stop_time_sec": "0.0083760", + "fileset.module": "elasticsearch", + "fileset.name": "gc", + "input.type": "log", + "message": "2018-06-11T01:53:11.382+0000: 1396138.752: Total time for which application threads were stopped: 0.0083760 seconds, Stopping threads took: 0.0000702 seconds", + "offset": 181, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-30T11:35:26.632Z", - "elasticsearch.gc.heap.size_kb": "506816", - "elasticsearch.gc.heap.used_kb": "391020", - "elasticsearch.gc.jvm_runtime_sec": "224.671", - "elasticsearch.gc.old_gen.size_kb": "349568", - "elasticsearch.gc.old_gen.used_kb": "277821", - "elasticsearch.gc.phase.class_unload_time_sec": "0.0188407", - "elasticsearch.gc.phase.cpu_time.real_sec": "0.04", - "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", - "elasticsearch.gc.phase.cpu_time.user_sec": "0.12", - "elasticsearch.gc.phase.duration_sec": "0.0457689", - "elasticsearch.gc.phase.name": "CMS Final Remark", - "elasticsearch.gc.phase.parallel_rescan_time_sec": "0.0148273", - "elasticsearch.gc.phase.scrub_string_table_time_sec": "0.0005253", - "elasticsearch.gc.phase.scrub_symbol_table_time_sec": "0.0100207", - "elasticsearch.gc.phase.weak_refs_processing_time_sec": "0.0003647", - "elasticsearch.gc.young_gen.size_kb": "157248", - "elasticsearch.gc.young_gen.used_kb": "113198", - "fileset.module": "elasticsearch", - "fileset.name": "gc", - "input.type": "log", - "message": "2018-06-30T16:35:26.632+0500: 224.671: [GC (CMS Final 
Remark) [YG occupancy: 113198 K (157248 K)]224.671: [Rescan (parallel) , 0.0148273 secs]224.686: [weak refs processing, 0.0003647 secs]224.687: [class unloading, 0.0188407 secs]224.705: [scrub symbol table, 0.0100207 secs]224.715: [scrub string table, 0.0005253 secs][1 CMS-remark: 277821K(349568K)] 391020K(506816K), 0.0457689 secs] [Times: user=0.12 sys=0.00, real=0.04 secs]", - "offset": 339, - "prospector.type": "log", + "@timestamp": "2018-06-30T11:35:26.632Z", + "elasticsearch.gc.heap.size_kb": "506816", + "elasticsearch.gc.heap.used_kb": "391020", + "elasticsearch.gc.jvm_runtime_sec": "224.671", + "elasticsearch.gc.old_gen.size_kb": "349568", + "elasticsearch.gc.old_gen.used_kb": "277821", + "elasticsearch.gc.phase.class_unload_time_sec": "0.0188407", + "elasticsearch.gc.phase.cpu_time.real_sec": "0.04", + "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", + "elasticsearch.gc.phase.cpu_time.user_sec": "0.12", + "elasticsearch.gc.phase.duration_sec": "0.0457689", + "elasticsearch.gc.phase.name": "CMS Final Remark", + "elasticsearch.gc.phase.parallel_rescan_time_sec": "0.0148273", + "elasticsearch.gc.phase.scrub_string_table_time_sec": "0.0005253", + "elasticsearch.gc.phase.scrub_symbol_table_time_sec": "0.0100207", + "elasticsearch.gc.phase.weak_refs_processing_time_sec": "0.0003647", + "elasticsearch.gc.young_gen.size_kb": "157248", + "elasticsearch.gc.young_gen.used_kb": "113198", + "fileset.module": "elasticsearch", + "fileset.name": "gc", + "input.type": "log", + "message": "2018-06-30T16:35:26.632+0500: 224.671: [GC (CMS Final Remark) [YG occupancy: 113198 K (157248 K)]224.671: [Rescan (parallel) , 0.0148273 secs]224.686: [weak refs processing, 0.0003647 secs]224.687: [class unloading, 0.0188407 secs]224.705: [scrub symbol table, 0.0100207 secs]224.715: [scrub string table, 0.0005253 secs][1 CMS-remark: 277821K(349568K)] 391020K(506816K), 0.0457689 secs] [Times: user=0.12 sys=0.00, real=0.04 secs]", + "offset": 339, "service.name": "elasticsearch" } -] \ 
No newline at end of file +] diff --git a/filebeat/module/elasticsearch/server/manifest.yml b/filebeat/module/elasticsearch/server/manifest.yml index 23c6cec8b1b0..7c15fd828647 100644 --- a/filebeat/module/elasticsearch/server/manifest.yml +++ b/filebeat/module/elasticsearch/server/manifest.yml @@ -8,4 +8,4 @@ var: os.windows: [] ingest_pipeline: ingest/pipeline.json -prospector: config/log.yml +input: config/log.yml diff --git a/filebeat/module/elasticsearch/server/test/test.log-expected.json b/filebeat/module/elasticsearch/server/test/test.log-expected.json index f53a28cf9fb4..b5a82677e2fa 100644 --- a/filebeat/module/elasticsearch/server/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/server/test/test.log-expected.json 
@@ -1,270 +1,251 @@ [ { - "@timestamp": "2018-05-17T08:29:12,177", - "elasticsearch.index.name": "test-filebeat-modules", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "creating index, cause [auto(bulk api)], templates [test-filebeat-modules], shards [5]/[1], mappings [doc]", - "offset": 0, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:35,939", - "elasticsearch.node.name": "", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "initializing ...", - "offset": 209, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:36,089", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.e.NodeEnvironment", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "using [1] data paths, mounts [[/ (/dev/disk1s1)]], net usable_space [32.4gb], net total_space [233.5gb], types [apfs]", - "offset": 289, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:36,090", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.e.NodeEnvironment", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "heap size [990.7mb], compressed ordinary object pointers [true]", - "offset": 477, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:36,116", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - 
"log.level": "INFO", - "message": "node name [vWNJsZ3] derived from node ID [vWNJsZ3nTIKh5a1ai-ftYQ]; set [node.name] to override", - "offset": 611, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:23:48,941", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.r.a.DiskThresholdMonitor", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "low disk watermark [85%] exceeded on [vWNJsZ3nTIKh5a1ai-ftYQ][vWNJsZ3][/Users/ruflin/Downloads/elasticsearch-6.2.4/data/nodes/0] free: 33.4gb[14.3%], replicas will not be assigned to this node", - "offset": 766, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:09,245", - "elasticsearch.index.name": "filebeat-test-input", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "creating index, cause [auto(bulk api)], templates [filebeat-test-input], shards [5]/[1], mappings [doc]", - "offset": 1034, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:09,576", - "elasticsearch.index.id": "aOGgDwbURfCV57AScqbCgw", - "elasticsearch.index.name": "filebeat-test-input", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "update_mapping [doc]", - "offset": 1239, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-09T12:47:33,959", - "elasticsearch.index.id": "3tWftqb4RLKdyCAga9syGA", - "elasticsearch.index.name": ".kibana", - "elasticsearch.node.name": "QGY1F5P", - 
"elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "update_mapping [doc]", - "offset": 1380, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:25,598", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "closing ...", - "offset": 1509, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:25,612", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "closed", - "offset": 1591, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:48,548", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "master_left [{srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}], reason [failed to ping, tried [3] times, each with maximum [30s] timeout]", - "offset": 1668, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:48,548", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + "@timestamp": "2018-05-17T08:29:12,177", + "elasticsearch.index.name": "test-filebeat-modules", + 
"elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "creating index, cause [auto(bulk api)], templates [test-filebeat-modules], shards [5]/[1], mappings [doc]", + "offset": 0, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:35,939", + "elasticsearch.node.name": "", + "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "initializing ...", + "offset": 209, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:36,089", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.e.NodeEnvironment", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "using [1] data paths, mounts [[/ (/dev/disk1s1)]], net usable_space [32.4gb], net total_space [233.5gb], types [apfs]", + "offset": 289, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:36,090", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.e.NodeEnvironment", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "heap size [990.7mb], compressed ordinary object pointers [true]", + "offset": 477, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:36,116", + "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "node name [vWNJsZ3] derived from node ID [vWNJsZ3nTIKh5a1ai-ftYQ]; set [node.name] to override", + "offset": 611, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:23:48,941", + 
"elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.r.a.DiskThresholdMonitor", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "low disk watermark [85%] exceeded on [vWNJsZ3nTIKh5a1ai-ftYQ][vWNJsZ3][/Users/ruflin/Downloads/elasticsearch-6.2.4/data/nodes/0] free: 33.4gb[14.3%], replicas will not be assigned to this node", + "offset": 766, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:29:09,245", + "elasticsearch.index.name": "filebeat-test-input", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "creating index, cause [auto(bulk api)], templates [filebeat-test-input], shards [5]/[1], mappings [doc]", + "offset": 1034, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:29:09,576", + "elasticsearch.index.id": "aOGgDwbURfCV57AScqbCgw", + "elasticsearch.index.name": "filebeat-test-input", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "update_mapping [doc]", + "offset": 1239, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-09T12:47:33,959", + "elasticsearch.index.id": "3tWftqb4RLKdyCAga9syGA", + "elasticsearch.index.name": ".kibana", + "elasticsearch.node.name": "QGY1F5P", + "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "update_mapping [doc]", + "offset": 1380, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:29:25,598", + "elasticsearch.node.name": "vWNJsZ3", 
+ "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "closing ...", + "offset": 1509, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:29:25,612", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "closed", + "offset": 1591, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:48,548", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "master_left [{srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}], reason [failed to ping, tried [3] times, each with maximum [30s] timeout]", + "offset": 1668, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:48,548", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "master left (reason = failed to ping, tried [3] times, each with maximum [30s] timeout), current nodes: nodes:\n {srvmulpvlsk252_md}{uc5xdiQgRhaBIY-sszgjvQ}{X9pC0t1UQQix_NNOM0J6JQ}{srvmulpvlsk252.loganalytics.santanderuk.corp}{180.39.9.93:9300}{ml.max_open_jobs=10, ml.enabled=true}, local\n {srvmulpvlsk258_md}{HgW6EDn5QCmWVmICy4saHw}{o8zku7OJR4CTp0IjY8Ag4Q}{srvmulpvlsk258.loganalytics.santanderuk.corp}{180.39.9.99:9300}{ml.max_open_jobs=10, ml.enabled=true}\n 
{srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}, master\n {srvmulpvlsk254_id}{wZYeAh2URc2NwBIHZolLWQ}{3nduupo-TzSPaXjQaNu4Sg}{srvmulpvlsk254.loganalytics.santanderuk.corp}{180.39.9.95:9300}{ml.max_open_jobs=10, ml.enabled=true}", - "offset": 2008, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:52,666", - "elasticsearch.server.component": "r.suppressed", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], + "log.level": "WARN", + "message": "master left (reason = failed to ping, tried [3] times, each with maximum [30s] timeout), current nodes: nodes:\n {srvmulpvlsk252_md}{uc5xdiQgRhaBIY-sszgjvQ}{X9pC0t1UQQix_NNOM0J6JQ}{srvmulpvlsk252.loganalytics.santanderuk.corp}{180.39.9.93:9300}{ml.max_open_jobs=10, ml.enabled=true}, local\n {srvmulpvlsk258_md}{HgW6EDn5QCmWVmICy4saHw}{o8zku7OJR4CTp0IjY8Ag4Q}{srvmulpvlsk258.loganalytics.santanderuk.corp}{180.39.9.99:9300}{ml.max_open_jobs=10, ml.enabled=true}\n {srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}, master\n {srvmulpvlsk254_id}{wZYeAh2URc2NwBIHZolLWQ}{3nduupo-TzSPaXjQaNu4Sg}{srvmulpvlsk254.loganalytics.santanderuk.corp}{180.39.9.95:9300}{ml.max_open_jobs=10, ml.enabled=true}", + "offset": 2008, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:52,666", + "elasticsearch.server.component": "r.suppressed", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "path: /_xpack/monitoring/_bulk, params: {system_id=logstash, system_api_version=2, interval=1s}\norg.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/2/no master];\n at 
org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:165) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:151) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:57) ~[?:?]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:40) ~[?:?]\n at org.elasticsearch.action.support.TransportAction.doExecute(TransportAction.java:146) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$1(SecurityActionFilter.java:133) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:208) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:127) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:121) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:109) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:186) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:212) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:185) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:145) ~[?:?]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:84) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.xpack.monitoring.rest.action.RestMonitoringBulkAction.lambda$doPrepareRequest$0(RestMonitoringBulkAction.java:77) ~[?:?]\n at org.elasticsearch.rest.BaseRestHandler.handleReques", - "offset": 2907, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:48:02,552", - "elasticsearch.server.component": "r.suppressed", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], + "log.level": "WARN", + "message": "path: /_xpack/monitoring/_bulk, params: {system_id=logstash, system_api_version=2, interval=1s}\norg.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/2/no master];\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:165) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:151) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:57) ~[?:?]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:40) ~[?:?]\n at org.elasticsearch.action.support.TransportAction.doExecute(TransportAction.java:146) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$1(SecurityActionFilter.java:133) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:208) ~[?:?]\n at 
org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:127) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:121) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:109) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:186) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:212) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:185) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:145) ~[?:?]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:84) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.rest.action.RestMonitoringBulkAction.lambda$doPrepareRequest$0(RestMonitoringBulkAction.java:77) ~[?:?]\n at org.elasticsearch.rest.BaseRestHandler.handleReques", + "offset": 2907, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:48:02,552", + "elasticsearch.server.component": "r.suppressed", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "path: /_xpack/license, params: {}\norg.elasticsearch.discovery.MasterNotDiscoveredException: NodeDisconnectedException[[srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$4.onTimeout(TransportMasterNodeAction.java:209) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver$ContextPreservingListener.onTimeout(ClusterStateObserver.java:311) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:139) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:111) 
~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.retry(TransportMasterNodeAction.java:194) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.access$500(TransportMasterNodeAction.java:107) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$3.handleException(TransportMasterNodeAction.java:183) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$Adapter.lambda$onConnectionClosed$6(TransportService.java:893) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:569) [elasticsearch-5.6.3.jar:5.6.3]\n at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]\n at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\nCaused by: org.elasticsearch.transport.NodeDisconnectedException: [srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected", - "offset": 7412, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:27,896", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", - "elasticsearch.server.gc.young.one": "3449979", - "elasticsearch.server.gc.young.two": "986594", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], 
+ "log.level": "WARN", + "message": "path: /_xpack/license, params: {}\norg.elasticsearch.discovery.MasterNotDiscoveredException: NodeDisconnectedException[[srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$4.onTimeout(TransportMasterNodeAction.java:209) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver$ContextPreservingListener.onTimeout(ClusterStateObserver.java:311) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:139) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:111) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.retry(TransportMasterNodeAction.java:194) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.access$500(TransportMasterNodeAction.java:107) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$3.handleException(TransportMasterNodeAction.java:183) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$Adapter.lambda$onConnectionClosed$6(TransportService.java:893) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:569) [elasticsearch-5.6.3.jar:5.6.3]\n at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]\n at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\nCaused by: org.elasticsearch.transport.NodeDisconnectedException: [srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected", + "offset": 7412, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:27,896", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", + "elasticsearch.server.gc.young.one": "3449979", + "elasticsearch.server.gc.young.two": "986594", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "duration [3.8s], collections [1]/[4.3s], total [3.8s]/[8.8h], memory [16.5gb]->[15.7gb]/[30.8gb], all_po\nols {[young] [1.2gb]->[24mb]/[1.4gb]}{[survivor] [191.3mb]->[191.3mb]/[191.3mb]}{[old] [15.1gb]->[15.5gb]/[29.1gb]}", - "offset": 9873, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:45,604", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", - "elasticsearch.server.gc_overhead": "3449992", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "WARN", - "message": "overhead, spent [1.6s] collecting in the last [1.8s]", - "offset": 10205, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:48:02,541", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.a.b.TransportShardBulkAction", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "WARN", - "message": 
"[[pro_neocrmbigdata_paas-2018-27][0]] failed to perform indices:data/write/bulk[s] on replica [pro_neocrmbigdata_paas-2018-27][0], node[igrwSoPGSJ6u_5b8k26tgQ], [R], s[STARTED], a[id=DKK34YLHRMmJMkWg8jQH6w]", - "offset": 10354, - "prospector.type": "log", - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T20:10:07,376", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.x.m.MonitoringService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], + "log.level": "WARN", + "message": "duration [3.8s], collections [1]/[4.3s], total [3.8s]/[8.8h], memory [16.5gb]->[15.7gb]/[30.8gb], all_po\nols {[young] [1.2gb]->[24mb]/[1.4gb]}{[survivor] [191.3mb]->[191.3mb]/[191.3mb]}{[old] [15.1gb]->[15.5gb]/[29.1gb]}", + "offset": 9873, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:45,604", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", + "elasticsearch.server.gc_overhead": "3449992", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "WARN", + "message": "overhead, spent [1.6s] collecting in the last [1.8s]", + "offset": 10205, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:48:02,541", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.a.b.TransportShardBulkAction", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "WARN", + "message": "[[pro_neocrmbigdata_paas-2018-27][0]] failed to perform indices:data/write/bulk[s] on replica [pro_neocrmbigdata_paas-2018-27][0], node[igrwSoPGSJ6u_5b8k26tgQ], [R], s[STARTED], a[id=DKK34YLHRMmJMkWg8jQH6w]", + "offset": 10354, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T20:10:07,376", + "elasticsearch.node.name": "srvmulpvlsk252_md", + 
"elasticsearch.server.component": "o.e.x.m.MonitoringService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "monitoring execution failed\norg.elasticsearch.xpack.monitoring.exporter.ExportException: Exception when closing export bulk\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1$1.(ExportBulk.java:106) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1.onFailure(ExportBulk.java:104) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:217) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:211) ~[?:?]\n at org.elasticsearch.xpack.common.IteratingActionListener.onResponse(IteratingActionListener.java:108) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) [elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.exporter.http.HttpExportBulk$1.onSuccess(HttpExportBulk.java:115) [x-pack-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$FailureTrackingResponseListener.onSuccess(RestClient.java:597) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:352) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:343) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) [httpcore-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:436) [httpcore-nio-4.4.5.jar:4.4.5]\n at 
org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:326) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:265) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:114) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) [httpcore-nio-4.4.5.jar:4.4.5]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\n", - "offset": 10648, - "prospector.type": "log", + ], + "log.level": "WARN", + "message": "monitoring execution failed\norg.elasticsearch.xpack.monitoring.exporter.ExportException: Exception when closing export bulk\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1$1.(ExportBulk.java:106) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1.onFailure(ExportBulk.java:104) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:217) 
~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:211) ~[?:?]\n at org.elasticsearch.xpack.common.IteratingActionListener.onResponse(IteratingActionListener.java:108) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) [elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.exporter.http.HttpExportBulk$1.onSuccess(HttpExportBulk.java:115) [x-pack-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$FailureTrackingResponseListener.onSuccess(RestClient.java:597) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:352) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:343) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) [httpcore-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:436) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:326) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:265) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:114) [httpcore-nio-4.4.5.jar:4.4.5]\n at 
org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) [httpcore-nio-4.4.5.jar:4.4.5]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\n", + "offset": 10648, "service.name": "elasticsearch" } -] \ No newline at end of file +] diff --git a/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json index c2a6ba286342..359197ab2faa 100644 --- a/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json 
@@ -1,139 +1,133 @@ [ { - "@timestamp": "2018-06-29T10:06:14,933", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.query", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "4.5ms", - "elasticsearch.slowlog.took_millis": 4, - "elasticsearch.slowlog.total_hits": 19435, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", - "offset": 0, - "prospector.type": "log", + "@timestamp": "2018-06-29T10:06:14,933", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.query", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "4.5ms", + "elasticsearch.slowlog.took_millis": 4, + "elasticsearch.slowlog.total_hits": 19435, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], 
total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", + "offset": 0, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T10:06:14,943", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "10.8ms", - "elasticsearch.slowlog.took_millis": 10, - "elasticsearch.slowlog.total_hits": 19435, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T10:06:14,943][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[10.8ms], took_millis[10], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", - "offset": 265, - "prospector.type": "log", + "@timestamp": "2018-06-29T10:06:14,943", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "10.8ms", + "elasticsearch.slowlog.took_millis": 10, + "elasticsearch.slowlog.total_hits": 19435, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": 
"log", + "log.level": "INFO", + "message": "[2018-06-29T10:06:14,943][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[10.8ms], took_millis[10], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", + "offset": 265, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T09:01:01,821", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.query", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\
"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "124.3ms", - "elasticsearch.slowlog.took_millis": 124, - "elasticsearch.slowlog.total_hits": 0, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T09:01:01,821][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[124.3ms], took_millis[124], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"frag
ment_size\":2147483647,\"fields\":{\"*\":{}}}}],", - "offset": 532, - "prospector.type": "log", + "@timestamp": "2018-06-29T09:01:01,821", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.query", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "124.3ms", + "elasticsearch.slowlog.took_millis": 124, + "elasticsearch.slowlog.total_hits": 0, + 
"elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-06-29T09:01:01,821][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[124.3ms], took_millis[124], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", + "offset": 532, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T09:01:01,827", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": 
"v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "7.2ms", - "elasticsearch.slowlog.took_millis": 7, - "elasticsearch.slowlog.total_hits": 0, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T09:01:01,827][INFO 
][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[7.2ms], took_millis[7], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", - "offset": 1999, - "prospector.type": "log", + "@timestamp": "2018-06-29T09:01:01,827", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": 
"{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "7.2ms", + "elasticsearch.slowlog.took_millis": 7, + "elasticsearch.slowlog.total_hits": 0, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-06-29T09:01:01,827][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[7.2ms], took_millis[7], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], 
source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", + "offset": 1999, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-04T13:48:07,452", - "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.slowlog.id": "KUyMZWQBk9jw4gtg2y5-", - "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", - "elasticsearch.slowlog.routing": "", - "elasticsearch.slowlog.source_query": 
"{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}", - "elasticsearch.slowlog.took": "1.4ms", - "elasticsearch.slowlog.took_millis": 1, - "elasticsearch.slowlog.type": "doc", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-07-04T13:48:07,452][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.4ms], took_millis[1], type[doc], id[KUyMZWQBk9jw4gtg2y5-], routing[], source[{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 
-isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}]", - "offset": 3462, - "prospector.type": "log", + "@timestamp": "2018-07-04T13:48:07,452", + "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.slowlog.id": "KUyMZWQBk9jw4gtg2y5-", + "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", + "elasticsearch.slowlog.routing": "", + "elasticsearch.slowlog.source_query": "{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 
org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}", + "elasticsearch.slowlog.took": "1.4ms", + "elasticsearch.slowlog.took_millis": 1, + "elasticsearch.slowlog.type": "doc", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-07-04T13:48:07,452][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.4ms], took_millis[1], type[doc], id[KUyMZWQBk9jw4gtg2y5-], routing[], source[{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 
tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}]", + "offset": 3462, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-04T21:51:30,411", - "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.slowlog.id": "s01HZ2QBk9jw4gtgaFtn", - "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", - "elasticsearch.slowlog.routing": "", - "elasticsearch.slowlog.source_query": "\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }", - "elasticsearch.slowlog.took": "1.7ms", - "elasticsearch.slowlog.took_millis": 1, - "elasticsearch.slowlog.type": "doc", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", + "@timestamp": "2018-07-04T21:51:30,411", + "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.slowlog.id": "s01HZ2QBk9jw4gtgaFtn", + "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", + "elasticsearch.slowlog.routing": "", + 
"elasticsearch.slowlog.source_query": "\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }", + "elasticsearch.slowlog.took": "1.7ms", + "elasticsearch.slowlog.took_millis": 1, + "elasticsearch.slowlog.type": "doc", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "INFO", - "message": "[2018-07-04T21:51:30,411][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.7ms], took_millis[1], type[doc], id[s01HZ2QBk9jw4gtgaFtn], routing[], source[\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }]", - "offset": 4753, - "prospector.type": "log", + ], + "log.level": "INFO", + "message": "[2018-07-04T21:51:30,411][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.7ms], took_millis[1], type[doc], id[s01HZ2QBk9jw4gtgaFtn], routing[], source[\n{\n 
\"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }]", + "offset": 4753, "service.name": "elasticsearch" } -] \ No newline at end of file +] diff --git a/filebeat/module/haproxy/log/test/default.log-expected.json b/filebeat/module/haproxy/log/test/default.log-expected.json index e5fcd3fea904..e797847d7d58 100644 --- a/filebeat/module/haproxy/log/test/default.log-expected.json +++ b/filebeat/module/haproxy/log/test/default.log-expected.json 
@@ -1,23 +1,22 @@
 [
 {
- "@timestamp": "2018-09-20T15:42:59.000Z",
- "fileset.module": "haproxy",
- "fileset.name": "log",
- "haproxy.client.ip": "1.2.3.4",
- "haproxy.client.port": "40780",
- "haproxy.destination.ip": "1.2.3.4",
- "haproxy.destination.port": "5000",
- "haproxy.frontend_name": "main",
- "haproxy.geoip.continent_name": "North America",
- "haproxy.geoip.country_iso_code": "US",
- "haproxy.geoip.location.lat": 37.751,
- "haproxy.geoip.location.lon": -97.822,
- "haproxy.mode": "HTTP",
- "haproxy.pid": "24551",
- "haproxy.process_name": "haproxy",
- "haproxy.source": "1.2.3.4",
- "input.type": "log",
- "offset": 0,
- "prospector.type": "log"
+ "@timestamp": "2018-09-20T15:42:59.000Z",
+ "fileset.module": "haproxy",
+ "fileset.name": "log",
+ "haproxy.client.ip": "1.2.3.4",
+ "haproxy.client.port": "40780",
+ "haproxy.destination.ip": "1.2.3.4",
+ "haproxy.destination.port": "5000",
+ "haproxy.frontend_name": "main",
+ "haproxy.geoip.continent_name": "North America",
+ "haproxy.geoip.country_iso_code": "US",
+ "haproxy.geoip.location.lat": 37.751,
+ "haproxy.geoip.location.lon": -97.822,
+ "haproxy.mode": "HTTP",
+ "haproxy.pid": "24551",
+ "haproxy.process_name": "haproxy",
+ "haproxy.source": "1.2.3.4",
+ "input.type": "log",
+ "offset": 0
 }
-]
\ No newline at end of file
+]
diff --git a/filebeat/module/haproxy/log/test/haproxy.log-expected.json b/filebeat/module/haproxy/log/test/haproxy.log-expected.json
index de4f3ffeff3e..5f8e384dfc2a 100644
--- a/filebeat/module/haproxy/log/test/haproxy.log-expected.json
+++ b/filebeat/module/haproxy/log/test/haproxy.log-expected.json
@@ -1,43 +1,42 @@ [ { - "@timestamp": "2018-07-30T09:03:52.726Z", - "fileset.module": "haproxy", - "fileset.name": "log", - "haproxy.backend_name": "docs_microservice", - "haproxy.backend_queue": 0, - "haproxy.bytes_read": 168, - "haproxy.client.ip": "1.2.3.4", - "haproxy.client.port": 38862, - "haproxy.connection_wait_time_ms": 1, - "haproxy.connections.active": 6, - "haproxy.connections.backend": 0, - "haproxy.connections.frontend": 6, - "haproxy.connections.retries": 0, - "haproxy.connections.server": 0, - "haproxy.frontend_name": "incoming~", - "haproxy.geoip.continent_name": "North America", - "haproxy.geoip.country_iso_code": "US", - "haproxy.geoip.location.lat": 37.751, - "haproxy.geoip.location.lon": -97.822, - "haproxy.http.request.captured_cookie": "-", + "@timestamp": "2018-07-30T09:03:52.726Z", + "fileset.module": "haproxy", + "fileset.name": "log", + "haproxy.backend_name": "docs_microservice", + "haproxy.backend_queue": 0, + "haproxy.bytes_read": 168, + "haproxy.client.ip": "1.2.3.4", + "haproxy.client.port": 38862, + "haproxy.connection_wait_time_ms": 1, + "haproxy.connections.active": 6, + "haproxy.connections.backend": 0, + "haproxy.connections.frontend": 6, + "haproxy.connections.retries": 0, + "haproxy.connections.server": 0, + "haproxy.frontend_name": "incoming~", + "haproxy.geoip.continent_name": "North America", + "haproxy.geoip.country_iso_code": "US", + "haproxy.geoip.location.lat": 37.751, + "haproxy.geoip.location.lon": -97.822, + "haproxy.http.request.captured_cookie": "-", "haproxy.http.request.captured_headers": [ "docs.example.internal" - ], - "haproxy.http.request.raw_request_line": "GET /component---src-pages-index-js-4b15624544f97cf0bb8f.js HTTP/1.1", - "haproxy.http.request.time_active_ms": 2, - "haproxy.http.request.time_wait_ms": 0, - "haproxy.http.request.time_wait_without_data_ms": 0, - "haproxy.http.response.captured_cookie": "-", - "haproxy.http.response.captured_headers": [], - "haproxy.http.response.status_code": 304, - 
"haproxy.pid": 32450, - "haproxy.process_name": "haproxy", - "haproxy.server_name": "docs", - "haproxy.server_queue": 0, - "haproxy.termination_state": "----", - "haproxy.total_waiting_time_ms": 0, - "input.type": "log", - "offset": 0, - "prospector.type": "log" + ], + "haproxy.http.request.raw_request_line": "GET /component---src-pages-index-js-4b15624544f97cf0bb8f.js HTTP/1.1", + "haproxy.http.request.time_active_ms": 2, + "haproxy.http.request.time_wait_ms": 0, + "haproxy.http.request.time_wait_without_data_ms": 0, + "haproxy.http.response.captured_cookie": "-", + "haproxy.http.response.captured_headers": [], + "haproxy.http.response.status_code": 304, + "haproxy.pid": 32450, + "haproxy.process_name": "haproxy", + "haproxy.server_name": "docs", + "haproxy.server_queue": 0, + "haproxy.termination_state": "----", + "haproxy.total_waiting_time_ms": 0, + "input.type": "log", + "offset": 0 } -] \ No newline at end of file +] diff --git a/filebeat/module/haproxy/log/test/tcplog.log-expected.json b/filebeat/module/haproxy/log/test/tcplog.log-expected.json index 28b0cea58bd2..48dde8738862 100644 --- a/filebeat/module/haproxy/log/test/tcplog.log-expected.json +++ b/filebeat/module/haproxy/log/test/tcplog.log-expected.json 
@@ -1,30 +1,29 @@
 [
 {
- "@timestamp": "2018-09-20T15:44:23.285Z",
- "fileset.module": "haproxy",
- "fileset.name": "log",
- "haproxy.backend_name": "app",
- "haproxy.backend_queue": 0,
- "haproxy.bytes_read": 212,
- "haproxy.client.ip": "127.0.0.1",
- "haproxy.client.port": 40962,
- "haproxy.connection_wait_time_ms": -1,
- "haproxy.connections.active": 1,
- "haproxy.connections.backend": 0,
- "haproxy.connections.frontend": 1,
- "haproxy.connections.retries": 0,
- "haproxy.connections.server": 0,
- "haproxy.frontend_name": "main",
- "haproxy.pid": 25457,
- "haproxy.process_name": "haproxy",
- "haproxy.server_name": "",
- "haproxy.server_queue": 0,
- "haproxy.source": "127.0.0.1",
- "haproxy.tcp.processing_time_ms": 0,
- "haproxy.termination_state": "SC",
- "haproxy.total_waiting_time_ms": -1,
- "input.type": "log",
- "offset": 0,
- "prospector.type": "log"
+ "@timestamp": "2018-09-20T15:44:23.285Z",
+ "fileset.module": "haproxy",
+ "fileset.name": "log",
+ "haproxy.backend_name": "app",
+ "haproxy.backend_queue": 0,
+ "haproxy.bytes_read": 212,
+ "haproxy.client.ip": "127.0.0.1",
+ "haproxy.client.port": 40962,
+ "haproxy.connection_wait_time_ms": -1,
+ "haproxy.connections.active": 1,
+ "haproxy.connections.backend": 0,
+ "haproxy.connections.frontend": 1,
+ "haproxy.connections.retries": 0,
+ "haproxy.connections.server": 0,
+ "haproxy.frontend_name": "main",
+ "haproxy.pid": 25457,
+ "haproxy.process_name": "haproxy",
+ "haproxy.server_name": "",
+ "haproxy.server_queue": 0,
+ "haproxy.source": "127.0.0.1",
+ "haproxy.tcp.processing_time_ms": 0,
+ "haproxy.termination_state": "SC",
+ "haproxy.total_waiting_time_ms": -1,
+ "input.type": "log",
+ "offset": 0
 }
-]
\ No newline at end of file
+]
diff --git a/filebeat/module/icinga/debug/test/test.log-expected.json b/filebeat/module/icinga/debug/test/test.log-expected.json
index 2a8ec5dbb7db..90881595eda5 100644
--- a/filebeat/module/icinga/debug/test/test.log-expected.json
+++ b/filebeat/module/icinga/debug/test/test.log-expected.json 
@@ -1,35 +1,32 @@ [ { - "@timestamp": "2017-04-04T11:43:09.000Z", - "fileset.module": "icinga", - "fileset.name": "debug", - "icinga.debug.facility": "GraphiteWriter", - "icinga.debug.message": "Add to metric list:'icinga2.demo.services.procs.procs.perfdata.procs.warn 250 1491306189'.", - "icinga.debug.severity": "debug", - "input.type": "log", - "offset": 0, - "prospector.type": "log" - }, + "@timestamp": "2017-04-04T11:43:09.000Z", + "fileset.module": "icinga", + "fileset.name": "debug", + "icinga.debug.facility": "GraphiteWriter", + "icinga.debug.message": "Add to metric list:'icinga2.demo.services.procs.procs.perfdata.procs.warn 250 1491306189'.", + "icinga.debug.severity": "debug", + "input.type": "log", + "offset": 0 + }, { - "@timestamp": "2017-04-04T11:43:09.000Z", - "fileset.module": "icinga", - "fileset.name": "debug", - "icinga.debug.facility": "IdoMysqlConnection", - "icinga.debug.message": "Query: UPDATE icinga_servicestatus SET acknowledgement_type = '0', active_checks_enabled = '1', check_command = 'mysql_health', check_source = 'demo', check_type = '0', current_check_attempt = '1', current_notification_number = '180', current_state = '2', endpoint_object_id = 242, event_handler = '', event_handler_enabled = '1', execution_time = '0.355594', flap_detection_enabled = '0', has_been_checked = '1', instance_id = 1, is_flapping = '0', is_reachable = '1', last_check = FROM_UNIXTIME(1491306189), last_hard_state = '2', last_hard_state_change = FROM_UNIXTIME(1491290599), last_notification = FROM_UNIXTIME(1491304989), last_state_change = FROM_UNIXTIME(1491290599), last_time_critical = FROM_UNIXTIME(1491306189), last_time_unknown = FROM_UNIXTIME(1491290589), latency = '0.001466', long_output = '', max_check_attempts = '5', next_check = FROM_UNIXTIME(1491306198), next_notification = FROM_UNIXTIME(1491306789), normal_check_interval = '0.166667', notifications_enabled = '1', original_attributes = 'null', output = 'CRITICAL - cannot connect to information_schema. 
Access denied for user \\'test1\\'@\\'blerims-mbp.int.netways.de\\' (using password: YES)', passive_checks_enabled = '1', percent_state_change = '0', perfdata = '', problem_has_been_acknowledged = '0', process_performance_data = '1', retry_check_interval = '0.166667', scheduled_downtime_depth = '0', service_object_id = 333, should_be_scheduled = '1', state_type = '1', status_update_time = FROM_UNIXTIME(1491306189) WHERE service_object_id = 333", - "icinga.debug.severity": "debug", - "input.type": "log", - "offset": 141, - "prospector.type": "log" - }, + "@timestamp": "2017-04-04T11:43:09.000Z", + "fileset.module": "icinga", + "fileset.name": "debug", + "icinga.debug.facility": "IdoMysqlConnection", + "icinga.debug.message": "Query: UPDATE icinga_servicestatus SET acknowledgement_type = '0', active_checks_enabled = '1', check_command = 'mysql_health', check_source = 'demo', check_type = '0', current_check_attempt = '1', current_notification_number = '180', current_state = '2', endpoint_object_id = 242, event_handler = '', event_handler_enabled = '1', execution_time = '0.355594', flap_detection_enabled = '0', has_been_checked = '1', instance_id = 1, is_flapping = '0', is_reachable = '1', last_check = FROM_UNIXTIME(1491306189), last_hard_state = '2', last_hard_state_change = FROM_UNIXTIME(1491290599), last_notification = FROM_UNIXTIME(1491304989), last_state_change = FROM_UNIXTIME(1491290599), last_time_critical = FROM_UNIXTIME(1491306189), last_time_unknown = FROM_UNIXTIME(1491290589), latency = '0.001466', long_output = '', max_check_attempts = '5', next_check = FROM_UNIXTIME(1491306198), next_notification = FROM_UNIXTIME(1491306789), normal_check_interval = '0.166667', notifications_enabled = '1', original_attributes = 'null', output = 'CRITICAL - cannot connect to information_schema. 
Access denied for user \\'test1\\'@\\'blerims-mbp.int.netways.de\\' (using password: YES)', passive_checks_enabled = '1', percent_state_change = '0', perfdata = '', problem_has_been_acknowledged = '0', process_performance_data = '1', retry_check_interval = '0.166667', scheduled_downtime_depth = '0', service_object_id = 333, should_be_scheduled = '1', state_type = '1', status_update_time = FROM_UNIXTIME(1491306189) WHERE service_object_id = 333", + "icinga.debug.severity": "debug", + "input.type": "log", + "offset": 141 + }, { - "@timestamp": "2017-04-04T11:43:11.000Z", - "fileset.module": "icinga", - "fileset.name": "debug", - "icinga.debug.facility": "Process", - "icinga.debug.message": "Running command '/usr/lib/nagios/plugins/check_ping' '-H' 'mysql.icinga.com' '-c' '5000,100%' '-w' '3000,80%': PID 8288", - "icinga.debug.severity": "notice", - "input.type": "log", - "offset": 1763, - "prospector.type": "log" + "@timestamp": "2017-04-04T11:43:11.000Z", + "fileset.module": "icinga", + "fileset.name": "debug", + "icinga.debug.facility": "Process", + "icinga.debug.message": "Running command '/usr/lib/nagios/plugins/check_ping' '-H' 'mysql.icinga.com' '-c' '5000,100%' '-w' '3000,80%': PID 8288", + "icinga.debug.severity": "notice", + "input.type": "log", + "offset": 1763 } -] \ No newline at end of file +] diff --git a/filebeat/module/icinga/main/test/test.log-expected.json b/filebeat/module/icinga/main/test/test.log-expected.json index 59d4822ce5d8..9cb2bce46313 100644 --- a/filebeat/module/icinga/main/test/test.log-expected.json +++ b/filebeat/module/icinga/main/test/test.log-expected.json 
@@ -1,38 +1,35 @@ [ { - "@timestamp": "2017-04-04T09:16:34.000Z", - "fileset.module": "icinga", - "fileset.name": "main", - "icinga.main.facility": "Notification", - "icinga.main.message": "Sending 'Recovery' notification 'demo!load!mail-icingaadmin for user 'on-call'", - "icinga.main.severity": "information", - "input.type": "log", - "offset": 0, - "prospector.type": "log" - }, + "@timestamp": "2017-04-04T09:16:34.000Z", + "fileset.module": "icinga", + "fileset.name": "main", + "icinga.main.facility": "Notification", + "icinga.main.message": "Sending 'Recovery' notification 'demo!load!mail-icingaadmin for user 'on-call'", + "icinga.main.severity": "information", + "input.type": "log", + "offset": 0 + }, { - "@timestamp": "2017-04-04T09:16:34.000Z", - "fileset.module": "icinga", - "fileset.name": "main", - "icinga.main.facility": "PluginNotificationTask", - "icinga.main.message": "Notification command for object 'demo!load' (PID: 19401, arguments: '/etc/icinga2/scripts/mail-service-notification.sh') terminated with exit code 127, output: /etc/icinga2/scripts/mail-service-notification.sh: 20: /etc/icinga2/scripts/mail-service-notification.sh: mail: not found\n/usr/bin/printf: write error: Broken pipe\n", - "icinga.main.severity": "warning", - "input.type": "log", + "@timestamp": "2017-04-04T09:16:34.000Z", + "fileset.module": "icinga", + "fileset.name": "main", + "icinga.main.facility": "PluginNotificationTask", + "icinga.main.message": "Notification command for object 'demo!load' (PID: 19401, arguments: '/etc/icinga2/scripts/mail-service-notification.sh') terminated with exit code 127, output: /etc/icinga2/scripts/mail-service-notification.sh: 20: /etc/icinga2/scripts/mail-service-notification.sh: mail: not found\n/usr/bin/printf: write error: Broken pipe\n", + "icinga.main.severity": "warning", + "input.type": "log", "log.flags": [ "multiline" - ], - "offset": 133, - "prospector.type": "log" - }, + ], + "offset": 133 + }, { - "@timestamp": 
"2017-04-04T09:16:48.000Z", - "fileset.module": "icinga", - "fileset.name": "main", - "icinga.main.facility": "IdoMysqlConnection", - "icinga.main.message": "Query queue items: 0, query rate: 5.38333/s (323/min 1610/5min 4778/15min);", - "icinga.main.severity": "information", - "input.type": "log", - "offset": 518, - "prospector.type": "log" + "@timestamp": "2017-04-04T09:16:48.000Z", + "fileset.module": "icinga", + "fileset.name": "main", + "icinga.main.facility": "IdoMysqlConnection", + "icinga.main.message": "Query queue items: 0, query rate: 5.38333/s (323/min 1610/5min 4778/15min);", + "icinga.main.severity": "information", + "input.type": "log", + "offset": 518 } -] \ No newline at end of file +] diff --git a/filebeat/module/icinga/startup/test/test.log-expected.json b/filebeat/module/icinga/startup/test/test.log-expected.json index 2f8cd6198c4e..f441c034ae52 100644 --- a/filebeat/module/icinga/startup/test/test.log-expected.json +++ b/filebeat/module/icinga/startup/test/test.log-expected.json 
@@ -1,24 +1,22 @@
 [
 {
- "@timestamp": "2018-07-23T11:50:38.896Z",
- "fileset.module": "icinga",
- "fileset.name": "startup",
- "icinga.startup.facility": "cli",
- "icinga.startup.message": "Icinga application loader (version: r2.6.3-1)",
- "icinga.startup.severity": "information",
- "input.type": "log",
- "offset": 0,
- "prospector.type": "log"
- },
+ "@timestamp": "2018-07-23T11:50:38.896Z",
+ "fileset.module": "icinga",
+ "fileset.name": "startup",
+ "icinga.startup.facility": "cli",
+ "icinga.startup.message": "Icinga application loader (version: r2.6.3-1)",
+ "icinga.startup.severity": "information",
+ "input.type": "log",
+ "offset": 0
+ },
 {
- "@timestamp": "2018-07-23T11:50:38.896Z",
- "fileset.module": "icinga",
- "fileset.name": "startup",
- "icinga.startup.facility": "cli",
- "icinga.startup.message": "Loading configuration file(s).",
- "icinga.startup.severity": "information",
- "input.type": "log",
- "offset": 63,
- "prospector.type": "log"
+ "@timestamp": "2018-07-23T11:50:38.896Z",
+ "fileset.module": "icinga",
+ "fileset.name": "startup",
+ "icinga.startup.facility": "cli",
+ "icinga.startup.message": "Loading configuration file(s).",
+ "icinga.startup.severity": "information",
+ "input.type": "log",
+ "offset": 63
 }
-]
\ No newline at end of file
+]
diff --git a/filebeat/module/iis/access/test/test.log-expected.json b/filebeat/module/iis/access/test/test.log-expected.json
index 6ee8518bf834..a823fec9de7a 100644
--- a/filebeat/module/iis/access/test/test.log-expected.json
+++ b/filebeat/module/iis/access/test/test.log-expected.json
@@ -1,108 +1,105 @@ [ { - "@timestamp": "2018-01-01T08:09:10.000Z", - "fileset.module": "iis", - "fileset.name": "access", - "iis.access.geoip.city_name": "Berlin", - "iis.access.geoip.continent_name": "Europe", - "iis.access.geoip.country_iso_code": "DE", - "iis.access.geoip.location.lat": 52.4908, - "iis.access.geoip.location.lon": 13.3275, - "iis.access.geoip.region_iso_code": "DE-BE", - "iis.access.geoip.region_name": "Land Berlin", - "iis.access.method": "GET", - "iis.access.port": "80", - "iis.access.query_string": "q=100", - "iis.access.referrer": "-", - "iis.access.remote_ip": "85.181.35.98", - "iis.access.request_time_ms": "123", - "iis.access.response_code": "200", - "iis.access.server_ip": "127.0.0.1", - "iis.access.sub_status": "0", - "iis.access.url": "/", - "iis.access.user_agent.device": "Other", - "iis.access.user_agent.major": "57", - "iis.access.user_agent.minor": "0", - "iis.access.user_agent.name": "Firefox", - "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", - "iis.access.user_agent.os": "Windows", - "iis.access.user_agent.os_name": "Windows", - "iis.access.user_name": "-", - "iis.access.win32_status": "0", - "input.type": "log", - "offset": 257, - "prospector.type": "log" - }, + "@timestamp": "2018-01-01T08:09:10.000Z", + "fileset.module": "iis", + "fileset.name": "access", + "iis.access.geoip.city_name": "Berlin", + "iis.access.geoip.continent_name": "Europe", + "iis.access.geoip.country_iso_code": "DE", + "iis.access.geoip.location.lat": 52.4908, + "iis.access.geoip.location.lon": 13.3275, + "iis.access.geoip.region_iso_code": "DE-BE", + "iis.access.geoip.region_name": "Land Berlin", + "iis.access.method": "GET", + "iis.access.port": "80", + "iis.access.query_string": "q=100", + "iis.access.referrer": "-", + "iis.access.remote_ip": "85.181.35.98", + "iis.access.request_time_ms": "123", + "iis.access.response_code": "200", + "iis.access.server_ip": "127.0.0.1", + 
"iis.access.sub_status": "0", + "iis.access.url": "/", + "iis.access.user_agent.device": "Other", + "iis.access.user_agent.major": "57", + "iis.access.user_agent.minor": "0", + "iis.access.user_agent.name": "Firefox", + "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", + "iis.access.user_agent.os": "Windows", + "iis.access.user_agent.os_name": "Windows", + "iis.access.user_name": "-", + "iis.access.win32_status": "0", + "input.type": "log", + "offset": 257 + }, { - "@timestamp": "2018-01-01T09:10:11.000Z", - "fileset.module": "iis", - "fileset.name": "access", - "iis.access.body_received.bytes": "456", - "iis.access.body_sent.bytes": "123", - "iis.access.cookie": "-", - "iis.access.hostname": "example.com", - "iis.access.method": "GET", - "iis.access.port": "80", - "iis.access.query_string": "-", - "iis.access.referrer": "-", - "iis.access.remote_ip": "127.0.0.1", - "iis.access.request_time_ms": "789", - "iis.access.response_code": "200", - "iis.access.site_name": "W3SVC1", - "iis.access.sub_status": "0", - "iis.access.url": "/", - "iis.access.user_agent.device": "Other", - "iis.access.user_agent.major": "57", - "iis.access.user_agent.minor": "0", - "iis.access.user_agent.name": "Firefox", - "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", - "iis.access.user_agent.os": "Windows", - "iis.access.user_agent.os_name": "Windows", - "iis.access.user_name": "-", - "iis.access.win32_status": "0", - "input.type": "log", - "offset": 709, - "prospector.type": "log" - }, + "@timestamp": "2018-01-01T09:10:11.000Z", + "fileset.module": "iis", + "fileset.name": "access", + "iis.access.body_received.bytes": "456", + "iis.access.body_sent.bytes": "123", + "iis.access.cookie": "-", + "iis.access.hostname": "example.com", + "iis.access.method": "GET", + "iis.access.port": "80", + "iis.access.query_string": "-", + "iis.access.referrer": "-", + 
"iis.access.remote_ip": "127.0.0.1", + "iis.access.request_time_ms": "789", + "iis.access.response_code": "200", + "iis.access.site_name": "W3SVC1", + "iis.access.sub_status": "0", + "iis.access.url": "/", + "iis.access.user_agent.device": "Other", + "iis.access.user_agent.major": "57", + "iis.access.user_agent.minor": "0", + "iis.access.user_agent.name": "Firefox", + "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", + "iis.access.user_agent.os": "Windows", + "iis.access.user_agent.os_name": "Windows", + "iis.access.user_name": "-", + "iis.access.win32_status": "0", + "input.type": "log", + "offset": 709 + }, { - "@timestamp": "2018-01-01T10:11:12.000Z", - "fileset.module": "iis", - "fileset.name": "access", - "iis.access.body_received.bytes": "456", - "iis.access.body_sent.bytes": "123", - "iis.access.cookie": "-", - "iis.access.geoip.city_name": "Berlin", - "iis.access.geoip.continent_name": "Europe", - "iis.access.geoip.country_iso_code": "DE", - "iis.access.geoip.location.lat": 52.4908, - "iis.access.geoip.location.lon": 13.3275, - "iis.access.geoip.region_iso_code": "DE-BE", - "iis.access.geoip.region_name": "Land Berlin", - "iis.access.hostname": "example.com", - "iis.access.http_version": "1.1", - "iis.access.method": "GET", - "iis.access.port": "80", - "iis.access.query_string": "-", - "iis.access.referrer": "-", - "iis.access.remote_ip": "85.181.35.98", - "iis.access.request_time_ms": "789", - "iis.access.response_code": "200", - "iis.access.server_ip": "127.0.0.1", - "iis.access.server_name": "MACHINE-NAME", - "iis.access.site_name": "W3SVC1", - "iis.access.sub_status": "0", - "iis.access.url": "/", - "iis.access.user_agent.device": "Other", - "iis.access.user_agent.major": "57", - "iis.access.user_agent.minor": "0", - "iis.access.user_agent.name": "Firefox", - "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", - 
"iis.access.user_agent.os": "Windows", - "iis.access.user_agent.os_name": "Windows", - "iis.access.user_name": "-", - "iis.access.win32_status": "0", - "input.type": "log", - "offset": 1204, - "prospector.type": "log" + "@timestamp": "2018-01-01T10:11:12.000Z", + "fileset.module": "iis", + "fileset.name": "access", + "iis.access.body_received.bytes": "456", + "iis.access.body_sent.bytes": "123", + "iis.access.cookie": "-", + "iis.access.geoip.city_name": "Berlin", + "iis.access.geoip.continent_name": "Europe", + "iis.access.geoip.country_iso_code": "DE", + "iis.access.geoip.location.lat": 52.4908, + "iis.access.geoip.location.lon": 13.3275, + "iis.access.geoip.region_iso_code": "DE-BE", + "iis.access.geoip.region_name": "Land Berlin", + "iis.access.hostname": "example.com", + "iis.access.http_version": "1.1", + "iis.access.method": "GET", + "iis.access.port": "80", + "iis.access.query_string": "-", + "iis.access.referrer": "-", + "iis.access.remote_ip": "85.181.35.98", + "iis.access.request_time_ms": "789", + "iis.access.response_code": "200", + "iis.access.server_ip": "127.0.0.1", + "iis.access.server_name": "MACHINE-NAME", + "iis.access.site_name": "W3SVC1", + "iis.access.sub_status": "0", + "iis.access.url": "/", + "iis.access.user_agent.device": "Other", + "iis.access.user_agent.major": "57", + "iis.access.user_agent.minor": "0", + "iis.access.user_agent.name": "Firefox", + "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", + "iis.access.user_agent.os": "Windows", + "iis.access.user_agent.os_name": "Windows", + "iis.access.user_name": "-", + "iis.access.win32_status": "0", + "input.type": "log", + "offset": 1204 } -] \ No newline at end of file +] diff --git a/filebeat/module/iis/error/test/test.log-expected.json b/filebeat/module/iis/error/test/test.log-expected.json index ad14babac556..bd41a0815b75 100644 --- a/filebeat/module/iis/error/test/test.log-expected.json 
+++ b/filebeat/module/iis/error/test/test.log-expected.json 
@@ -1,91 +1,87 @@ [ { - "@timestamp": "2018-01-01T08:09:10.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.http_version": "1.1", - "iis.error.method": "GET", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "ConnLimit", - "iis.error.remote_ip": "172.31.77.6", - "iis.error.remote_port": "2094", - "iis.error.response_code": "503", - "iis.error.server_ip": "172.31.77.6", - "iis.error.server_port": "80", - "iis.error.url": "/qos/1kbfile.txt", - "input.type": "log", - "offset": 186, - "prospector.type": "log" - }, + "@timestamp": "2018-01-01T08:09:10.000Z", + "fileset.module": "iis", + "fileset.name": "error", + "iis.error.http_version": "1.1", + "iis.error.method": "GET", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "ConnLimit", + "iis.error.remote_ip": "172.31.77.6", + "iis.error.remote_port": "2094", + "iis.error.response_code": "503", + "iis.error.server_ip": "172.31.77.6", + "iis.error.server_port": "80", + "iis.error.url": "/qos/1kbfile.txt", + "input.type": "log", + "offset": 186 + }, { - "@timestamp": "2018-01-01T09:10:11.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.geoip.city_name": "Berlin", - "iis.error.geoip.continent_name": "Europe", - "iis.error.geoip.country_iso_code": "DE", - "iis.error.geoip.location.lat": 52.4908, - "iis.error.geoip.location.lon": 13.3275, - "iis.error.geoip.region_iso_code": "DE-BE", - "iis.error.geoip.region_name": "Land Berlin", - "iis.error.http_version": "1.1", - "iis.error.method": "GET", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "Hostname", - "iis.error.remote_ip": "85.181.35.98", - "iis.error.remote_port": "2780", - "iis.error.response_code": "400", - "iis.error.server_ip": "127.0.0.1", - "iis.error.server_port": "80", - "iis.error.url": "/ThisIsMyUrl.htm", - "input.type": "log", - "offset": 286, - "prospector.type": "log" - }, + "@timestamp": "2018-01-01T09:10:11.000Z", + "fileset.module": "iis", + "fileset.name": "error", + 
"iis.error.geoip.city_name": "Berlin", + "iis.error.geoip.continent_name": "Europe", + "iis.error.geoip.country_iso_code": "DE", + "iis.error.geoip.location.lat": 52.4908, + "iis.error.geoip.location.lon": 13.3275, + "iis.error.geoip.region_iso_code": "DE-BE", + "iis.error.geoip.region_name": "Land Berlin", + "iis.error.http_version": "1.1", + "iis.error.method": "GET", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "Hostname", + "iis.error.remote_ip": "85.181.35.98", + "iis.error.remote_port": "2780", + "iis.error.response_code": "400", + "iis.error.server_ip": "127.0.0.1", + "iis.error.server_port": "80", + "iis.error.url": "/ThisIsMyUrl.htm", + "input.type": "log", + "offset": 286 + }, { - "@timestamp": "2018-01-01T10:11:12.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.geoip.city_name": "Berlin", - "iis.error.geoip.continent_name": "Europe", - "iis.error.geoip.country_iso_code": "DE", - "iis.error.geoip.location.lat": 52.4908, - "iis.error.geoip.location.lon": 13.3275, - "iis.error.geoip.region_iso_code": "DE-BE", - "iis.error.geoip.region_name": "Land Berlin", - "iis.error.http_version": "2.0", - "iis.error.method": "GET", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "Version_N/S", - "iis.error.remote_ip": "85.181.35.98", - "iis.error.remote_port": "2894", - "iis.error.response_code": "505", - "iis.error.server_ip": "127.0.0.1", - "iis.error.server_port": "80", - "iis.error.url": "/", - "input.type": "log", - "offset": 384, - "prospector.type": "log" - }, + "@timestamp": "2018-01-01T10:11:12.000Z", + "fileset.module": "iis", + "fileset.name": "error", + "iis.error.geoip.city_name": "Berlin", + "iis.error.geoip.continent_name": "Europe", + "iis.error.geoip.country_iso_code": "DE", + "iis.error.geoip.location.lat": 52.4908, + "iis.error.geoip.location.lon": 13.3275, + "iis.error.geoip.region_iso_code": "DE-BE", + "iis.error.geoip.region_name": "Land Berlin", + "iis.error.http_version": "2.0", + 
"iis.error.method": "GET", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "Version_N/S", + "iis.error.remote_ip": "85.181.35.98", + "iis.error.remote_port": "2894", + "iis.error.response_code": "505", + "iis.error.server_ip": "127.0.0.1", + "iis.error.server_port": "80", + "iis.error.url": "/", + "input.type": "log", + "offset": 384 + }, { - "@timestamp": "2018-01-01T11:12:13.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.geoip.city_name": "Berlin", - "iis.error.geoip.continent_name": "Europe", - "iis.error.geoip.country_iso_code": "DE", - "iis.error.geoip.location.lat": 52.4908, - "iis.error.geoip.location.lon": 13.3275, - "iis.error.geoip.region_iso_code": "DE-BE", - "iis.error.geoip.region_name": "Land Berlin", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "Timer_MinBytesPerSecond", - "iis.error.remote_ip": "85.181.35.98", - "iis.error.remote_port": "64388", - "iis.error.server_ip": "127.0.0.1", - "iis.error.server_port": "80", - "input.type": "log", - "offset": 470, - "prospector.type": "log" + "@timestamp": "2018-01-01T11:12:13.000Z", + "fileset.module": "iis", + "fileset.name": "error", + "iis.error.geoip.city_name": "Berlin", + "iis.error.geoip.continent_name": "Europe", + "iis.error.geoip.country_iso_code": "DE", + "iis.error.geoip.location.lat": 52.4908, + "iis.error.geoip.location.lon": 13.3275, + "iis.error.geoip.region_iso_code": "DE-BE", + "iis.error.geoip.region_name": "Land Berlin", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "Timer_MinBytesPerSecond", + "iis.error.remote_ip": "85.181.35.98", + "iis.error.remote_port": "64388", + "iis.error.server_ip": "127.0.0.1", + "iis.error.server_port": "80", + "input.type": "log", + "offset": 470 } -] \ No newline at end of file +] diff --git a/filebeat/module/kafka/log/test/controller.log-expected.json b/filebeat/module/kafka/log/test/controller.log-expected.json index 698fde1e230e..52e59a07ff34 100644 
--- a/filebeat/module/kafka/log/test/controller.log-expected.json +++ b/filebeat/module/kafka/log/test/controller.log-expected.json 
@@ -1,262 +1,242 @@ [ { - "@timestamp": "2017-08-04T10:48:21.048Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:21,048] INFO [controller-event-thread]: Starting (kafka.controller.ControllerEventManager$ControllerEventThread)", - "offset": 0, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.063Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "0 successfully elected as the controller", - "message": "[2017-08-04 10:48:21,063] INFO [Controller 0]: 0 successfully elected as the controller (kafka.controller.KafkaController)", - "offset": 131, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.064Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Broker 0 starting become controller state transition", - "message": "[2017-08-04 10:48:21,064] INFO [Controller 0]: Broker 0 starting become controller state transition (kafka.controller.KafkaController)", - "offset": 254, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.082Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Controller 0 incremented epoch to 1", - "message": "[2017-08-04 10:48:21,082] INFO [Controller 0]: Controller 0 incremented epoch to 1 
(kafka.controller.KafkaController)", - "offset": 389, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.085Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "Registering IsrChangeNotificationListener", - "message": "[2017-08-04 10:48:21,085] DEBUG [Controller 0]: Registering IsrChangeNotificationListener (kafka.controller.KafkaController)", - "offset": 507, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.154Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ReplicaStateMachine", - "kafka.log.component": "Replica state machine on controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Started replica state machine with initial state -> Map()", - "message": "[2017-08-04 10:48:21,154] INFO [Replica state machine on controller 0]: Started replica state machine with initial state -> Map() (kafka.controller.ReplicaStateMachine)", - "offset": 632, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.156Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.PartitionStateMachine", - "kafka.log.component": "Partition state machine on Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Started partition state machine with initial state -> Map()", - "message": "[2017-08-04 10:48:21,156] INFO [Partition state machine on Controller 0]: Started partition state machine with initial state -> Map() (kafka.controller.PartitionStateMachine)", - "offset": 801, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.157Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - 
"kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Broker 0 is ready to serve as the new controller with epoch 1", - "message": "[2017-08-04 10:48:21,157] INFO [Controller 0]: Broker 0 is ready to serve as the new controller with epoch 1 (kafka.controller.KafkaController)", - "offset": 976, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.165Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.PartitionStateMachine", - "kafka.log.component": "Partition state machine on Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Invoking state change to OnlinePartition for partitions ", - "message": "[2017-08-04 10:48:21,165] INFO [Partition state machine on Controller 0]: Invoking state change to OnlinePartition for partitions (kafka.controller.PartitionStateMachine)", - "offset": 1120, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:22.588Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "Live brokers: ", - "message": "[2017-08-04 11:44:22,588] DEBUG [Controller 0]: Live brokers: (kafka.controller.KafkaController)", - "offset": 1292, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.094Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutting down", - "message": "[2017-08-04 11:44:25,094] INFO [controller-event-thread]: Shutting down (kafka.controller.ControllerEventManager$ControllerEventThread)", - "offset": 1390, - "prospector.type": "log" - }, - { - "@timestamp": 
"2017-08-04T11:44:25.095Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Stopped", - "message": "[2017-08-04 11:44:25,095] INFO [controller-event-thread]: Stopped (kafka.controller.ControllerEventManager$ControllerEventThread)", - "offset": 1526, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.097Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutdown completed", - "message": "[2017-08-04 11:44:25,097] INFO [controller-event-thread]: Shutdown completed (kafka.controller.ControllerEventManager$ControllerEventThread)", - "offset": 1656, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.099Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "Controller resigning, broker id 0", - "message": "[2017-08-04 11:44:25,099] DEBUG [Controller 0]: Controller resigning, broker id 0 (kafka.controller.KafkaController)", - "offset": 1797, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.100Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "De-registering IsrChangeNotificationListener", - "message": "[2017-08-04 11:44:25,100] DEBUG [Controller 0]: De-registering IsrChangeNotificationListener 
(kafka.controller.KafkaController)", - "offset": 1914, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.105Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.PartitionStateMachine", - "kafka.log.component": "Partition state machine on Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Stopped partition state machine", - "message": "[2017-08-04 11:44:25,105] INFO [Partition state machine on Controller 0]: Stopped partition state machine (kafka.controller.PartitionStateMachine)", - "offset": 2042, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.111Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ReplicaStateMachine", - "kafka.log.component": "Replica state machine on controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Stopped replica state machine", - "message": "[2017-08-04 11:44:25,111] INFO [Replica state machine on controller 0]: Stopped replica state machine (kafka.controller.ReplicaStateMachine)", - "offset": 2189, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.112Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.RequestSendThread", - "kafka.log.component": "Controller-0-to-broker-0-send-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutting down", - "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Shutting down (kafka.controller.RequestSendThread)", - "offset": 2330, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.112Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.RequestSendThread", - "kafka.log.component": "Controller-0-to-broker-0-send-thread", - "kafka.log.level": "INFO", - "kafka.log.message": 
"Stopped", - "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Stopped (kafka.controller.RequestSendThread)", - "offset": 2452, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T11:44:25.113Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.RequestSendThread", - "kafka.log.component": "Controller-0-to-broker-0-send-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutdown completed", - "message": "[2017-08-04 11:44:25,113] INFO [Controller-0-to-broker-0-send-thread]: Shutdown completed (kafka.controller.RequestSendThread)", - "offset": 2568, - "prospector.type": "log" + "@timestamp": "2017-08-04T10:48:21.048Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:21,048] INFO [controller-event-thread]: Starting (kafka.controller.ControllerEventManager$ControllerEventThread)", + "offset": 0 + }, + { + "@timestamp": "2017-08-04T10:48:21.063Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "0 successfully elected as the controller", + "message": "[2017-08-04 10:48:21,063] INFO [Controller 0]: 0 successfully elected as the controller (kafka.controller.KafkaController)", + "offset": 131 + }, + { + "@timestamp": "2017-08-04T10:48:21.064Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Broker 0 starting become controller state 
transition", + "message": "[2017-08-04 10:48:21,064] INFO [Controller 0]: Broker 0 starting become controller state transition (kafka.controller.KafkaController)", + "offset": 254 + }, + { + "@timestamp": "2017-08-04T10:48:21.082Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Controller 0 incremented epoch to 1", + "message": "[2017-08-04 10:48:21,082] INFO [Controller 0]: Controller 0 incremented epoch to 1 (kafka.controller.KafkaController)", + "offset": 389 + }, + { + "@timestamp": "2017-08-04T10:48:21.085Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "Registering IsrChangeNotificationListener", + "message": "[2017-08-04 10:48:21,085] DEBUG [Controller 0]: Registering IsrChangeNotificationListener (kafka.controller.KafkaController)", + "offset": 507 + }, + { + "@timestamp": "2017-08-04T10:48:21.154Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ReplicaStateMachine", + "kafka.log.component": "Replica state machine on controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Started replica state machine with initial state -> Map()", + "message": "[2017-08-04 10:48:21,154] INFO [Replica state machine on controller 0]: Started replica state machine with initial state -> Map() (kafka.controller.ReplicaStateMachine)", + "offset": 632 + }, + { + "@timestamp": "2017-08-04T10:48:21.156Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.PartitionStateMachine", + "kafka.log.component": "Partition state machine on Controller 0", + "kafka.log.level": "INFO", + 
"kafka.log.message": "Started partition state machine with initial state -> Map()", + "message": "[2017-08-04 10:48:21,156] INFO [Partition state machine on Controller 0]: Started partition state machine with initial state -> Map() (kafka.controller.PartitionStateMachine)", + "offset": 801 + }, + { + "@timestamp": "2017-08-04T10:48:21.157Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Broker 0 is ready to serve as the new controller with epoch 1", + "message": "[2017-08-04 10:48:21,157] INFO [Controller 0]: Broker 0 is ready to serve as the new controller with epoch 1 (kafka.controller.KafkaController)", + "offset": 976 + }, + { + "@timestamp": "2017-08-04T10:48:21.165Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.PartitionStateMachine", + "kafka.log.component": "Partition state machine on Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Invoking state change to OnlinePartition for partitions ", + "message": "[2017-08-04 10:48:21,165] INFO [Partition state machine on Controller 0]: Invoking state change to OnlinePartition for partitions (kafka.controller.PartitionStateMachine)", + "offset": 1120 + }, + { + "@timestamp": "2017-08-04T11:44:22.588Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "Live brokers: ", + "message": "[2017-08-04 11:44:22,588] DEBUG [Controller 0]: Live brokers: (kafka.controller.KafkaController)", + "offset": 1292 + }, + { + "@timestamp": "2017-08-04T11:44:25.094Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": 
"kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutting down", + "message": "[2017-08-04 11:44:25,094] INFO [controller-event-thread]: Shutting down (kafka.controller.ControllerEventManager$ControllerEventThread)", + "offset": 1390 + }, + { + "@timestamp": "2017-08-04T11:44:25.095Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped", + "message": "[2017-08-04 11:44:25,095] INFO [controller-event-thread]: Stopped (kafka.controller.ControllerEventManager$ControllerEventThread)", + "offset": 1526 + }, + { + "@timestamp": "2017-08-04T11:44:25.097Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutdown completed", + "message": "[2017-08-04 11:44:25,097] INFO [controller-event-thread]: Shutdown completed (kafka.controller.ControllerEventManager$ControllerEventThread)", + "offset": 1656 + }, + { + "@timestamp": "2017-08-04T11:44:25.099Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "Controller resigning, broker id 0", + "message": "[2017-08-04 11:44:25,099] DEBUG [Controller 0]: Controller resigning, broker id 0 (kafka.controller.KafkaController)", + "offset": 1797 + }, + { + "@timestamp": "2017-08-04T11:44:25.100Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": 
"kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "De-registering IsrChangeNotificationListener", + "message": "[2017-08-04 11:44:25,100] DEBUG [Controller 0]: De-registering IsrChangeNotificationListener (kafka.controller.KafkaController)", + "offset": 1914 + }, + { + "@timestamp": "2017-08-04T11:44:25.105Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.PartitionStateMachine", + "kafka.log.component": "Partition state machine on Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped partition state machine", + "message": "[2017-08-04 11:44:25,105] INFO [Partition state machine on Controller 0]: Stopped partition state machine (kafka.controller.PartitionStateMachine)", + "offset": 2042 + }, + { + "@timestamp": "2017-08-04T11:44:25.111Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ReplicaStateMachine", + "kafka.log.component": "Replica state machine on controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped replica state machine", + "message": "[2017-08-04 11:44:25,111] INFO [Replica state machine on controller 0]: Stopped replica state machine (kafka.controller.ReplicaStateMachine)", + "offset": 2189 + }, + { + "@timestamp": "2017-08-04T11:44:25.112Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.RequestSendThread", + "kafka.log.component": "Controller-0-to-broker-0-send-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutting down", + "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Shutting down (kafka.controller.RequestSendThread)", + "offset": 2330 + }, + { + "@timestamp": "2017-08-04T11:44:25.112Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + 
"kafka.log.class": "kafka.controller.RequestSendThread", + "kafka.log.component": "Controller-0-to-broker-0-send-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped", + "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Stopped (kafka.controller.RequestSendThread)", + "offset": 2452 + }, + { + "@timestamp": "2017-08-04T11:44:25.113Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.RequestSendThread", + "kafka.log.component": "Controller-0-to-broker-0-send-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutdown completed", + "message": "[2017-08-04 11:44:25,113] INFO [Controller-0-to-broker-0-send-thread]: Shutdown completed (kafka.controller.RequestSendThread)", + "offset": 2568 } -] \ No newline at end of file +] diff --git a/filebeat/module/kafka/log/test/server.log-expected.json b/filebeat/module/kafka/log/test/server.log-expected.json index 15b904ad3437..a9d711eecca5 100644 --- a/filebeat/module/kafka/log/test/server.log-expected.json +++ b/filebeat/module/kafka/log/test/server.log-expected.json 
@@ -1,262 +1,242 @@ [ { - "@timestamp": "2017-08-04T10:48:20.377Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.KafkaServer", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "starting", - "message": "[2017-08-04 10:48:20,377] INFO starting (kafka.server.KafkaServer)", - "offset": 0, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.379Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.KafkaServer", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Connecting to zookeeper on localhost:2181", - "message": "[2017-08-04 10:48:20,379] INFO Connecting to zookeeper on localhost:2181 (kafka.server.KafkaServer)", - "offset": 67, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.400Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ZooKeeper", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Client environment:java.io.tmpdir=/tmp", - "message": "[2017-08-04 10:48:20,400] INFO Client environment:java.io.tmpdir=/tmp (org.apache.zookeeper.ZooKeeper)", - "offset": 167, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.400Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ZooKeeper", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Client environment:java.compiler=", - "message": "[2017-08-04 10:48:20,400] INFO Client environment:java.compiler= (org.apache.zookeeper.ZooKeeper)", - "offset": 270, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.401Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": 
"org.apache.zookeeper.ZooKeeper", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27", - "message": "[2017-08-04 10:48:20,401] INFO Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27 (org.apache.zookeeper.ZooKeeper)", - "offset": 372, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.413Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.I0Itec.zkclient.ZkClient", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Waiting for keeper state SyncConnected", - "message": "[2017-08-04 10:48:20,413] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient)", - "offset": 561, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.415Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ClientCnxn", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. Will not attempt to authenticate using SASL (unknown error)", - "message": "[2017-08-04 10:48:20,415] INFO Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. 
Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn)", - "offset": 662, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.420Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ClientCnxn", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session", - "message": "[2017-08-04 10:48:20,420] INFO Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session (org.apache.zookeeper.ClientCnxn)", - "offset": 855, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.457Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ClientCnxn", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000", - "message": "[2017-08-04 10:48:20,457] INFO Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000 (org.apache.zookeeper.ClientCnxn)", - "offset": 1004, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.458Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.I0Itec.zkclient.ZkClient", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "zookeeper state changed (SyncConnected)", - "message": "[2017-08-04 10:48:20,458] INFO zookeeper state changed (SyncConnected) (org.I0Itec.zkclient.ZkClient)", - "offset": 1199, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.748Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - 
"kafka.log.class": "kafka.server.BrokerMetadataCheckpoint", - "kafka.log.component": "unknown", - "kafka.log.level": "WARN", - "kafka.log.message": "No meta.properties file under dir /tmp/kafka-logs/meta.properties", - "message": "[2017-08-04 10:48:20,748] WARN No meta.properties file under dir /tmp/kafka-logs/meta.properties (kafka.server.BrokerMetadataCheckpoint)", - "offset": 1301, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.800Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.ClientQuotaManager$ThrottledRequestReaper", - "kafka.log.component": "ThrottledRequestReaper-Fetch", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:20,800] INFO [ThrottledRequestReaper-Fetch]: Starting (kafka.server.ClientQuotaManager$ThrottledRequestReaper)", - "offset": 1438, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.866Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.log.LogManager", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Log directory '/tmp/kafka-logs' not found, creating it.", - "message": "[2017-08-04 10:48:20,866] INFO Log directory '/tmp/kafka-logs' not found, creating it. (kafka.log.LogManager)", - "offset": 1567, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:20.873Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.log.LogManager", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Loading logs.", - "message": "[2017-08-04 10:48:20,873] INFO Loading logs. 
(kafka.log.LogManager)", - "offset": 1677, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.062Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper", - "kafka.log.component": "ExpirationReaper-0-Heartbeat", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:21,062] INFO [ExpirationReaper-0-Heartbeat]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)", - "offset": 1745, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.063Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.utils.ZKCheckedEphemeral", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Result of znode creation is: OK", - "message": "[2017-08-04 10:48:21,063] INFO Result of znode creation is: OK (kafka.utils.ZKCheckedEphemeral)", - "offset": 1881, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.095Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", - "kafka.log.component": "Group Metadata Manager on Broker 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Removed 0 expired offsets in 1 milliseconds.", - "message": "[2017-08-04 10:48:21,095] INFO [Group Metadata Manager on Broker 0]: Removed 0 expired offsets in 1 milliseconds. 
(kafka.coordinator.group.GroupMetadataManager)", - "offset": 1977, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.127Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.coordinator.transaction.ProducerIdManager", - "kafka.log.component": "ProducerId Manager 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Acquired new producerId block (brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1", - "message": "[2017-08-04 10:48:21,127] INFO [ProducerId Manager 0]: Acquired new producerId block (brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1 (kafka.coordinator.transaction.ProducerIdManager)", - "offset": 2138, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.162Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.coordinator.transaction.TransactionCoordinator", - "kafka.log.component": "Transaction Coordinator 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting up.", - "message": "[2017-08-04 10:48:21,162] INFO [Transaction Coordinator 0]: Starting up. 
(kafka.coordinator.transaction.TransactionCoordinator)", - "offset": 2369, - "prospector.type": "log" - }, - { - "@timestamp": "2017-08-04T10:48:21.167Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.coordinator.transaction.TransactionMarkerChannelManager", - "kafka.log.component": "Transaction Marker Channel Manager 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:21,167] INFO [Transaction Marker Channel Manager 0]: Starting (kafka.coordinator.transaction.TransactionMarkerChannelManager)", - "offset": 2497, - "prospector.type": "log" + "@timestamp": "2017-08-04T10:48:20.377Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.KafkaServer", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "starting", + "message": "[2017-08-04 10:48:20,377] INFO starting (kafka.server.KafkaServer)", + "offset": 0 + }, + { + "@timestamp": "2017-08-04T10:48:20.379Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.KafkaServer", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Connecting to zookeeper on localhost:2181", + "message": "[2017-08-04 10:48:20,379] INFO Connecting to zookeeper on localhost:2181 (kafka.server.KafkaServer)", + "offset": 67 + }, + { + "@timestamp": "2017-08-04T10:48:20.400Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ZooKeeper", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Client environment:java.io.tmpdir=/tmp", + "message": "[2017-08-04 10:48:20,400] INFO Client environment:java.io.tmpdir=/tmp (org.apache.zookeeper.ZooKeeper)", + "offset": 167 + }, + { + "@timestamp": "2017-08-04T10:48:20.400Z", + "fileset.module": "kafka", + 
"fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ZooKeeper", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Client environment:java.compiler=", + "message": "[2017-08-04 10:48:20,400] INFO Client environment:java.compiler= (org.apache.zookeeper.ZooKeeper)", + "offset": 270 + }, + { + "@timestamp": "2017-08-04T10:48:20.401Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ZooKeeper", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27", + "message": "[2017-08-04 10:48:20,401] INFO Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27 (org.apache.zookeeper.ZooKeeper)", + "offset": 372 + }, + { + "@timestamp": "2017-08-04T10:48:20.413Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.I0Itec.zkclient.ZkClient", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Waiting for keeper state SyncConnected", + "message": "[2017-08-04 10:48:20,413] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient)", + "offset": 561 + }, + { + "@timestamp": "2017-08-04T10:48:20.415Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ClientCnxn", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. Will not attempt to authenticate using SASL (unknown error)", + "message": "[2017-08-04 10:48:20,415] INFO Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. 
Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn)", + "offset": 662 + }, + { + "@timestamp": "2017-08-04T10:48:20.420Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ClientCnxn", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session", + "message": "[2017-08-04 10:48:20,420] INFO Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session (org.apache.zookeeper.ClientCnxn)", + "offset": 855 + }, + { + "@timestamp": "2017-08-04T10:48:20.457Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ClientCnxn", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000", + "message": "[2017-08-04 10:48:20,457] INFO Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000 (org.apache.zookeeper.ClientCnxn)", + "offset": 1004 + }, + { + "@timestamp": "2017-08-04T10:48:20.458Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.I0Itec.zkclient.ZkClient", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "zookeeper state changed (SyncConnected)", + "message": "[2017-08-04 10:48:20,458] INFO zookeeper state changed (SyncConnected) (org.I0Itec.zkclient.ZkClient)", + "offset": 1199 + }, + { + "@timestamp": "2017-08-04T10:48:20.748Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.BrokerMetadataCheckpoint", + "kafka.log.component": "unknown", + "kafka.log.level": "WARN", + 
"kafka.log.message": "No meta.properties file under dir /tmp/kafka-logs/meta.properties", + "message": "[2017-08-04 10:48:20,748] WARN No meta.properties file under dir /tmp/kafka-logs/meta.properties (kafka.server.BrokerMetadataCheckpoint)", + "offset": 1301 + }, + { + "@timestamp": "2017-08-04T10:48:20.800Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.ClientQuotaManager$ThrottledRequestReaper", + "kafka.log.component": "ThrottledRequestReaper-Fetch", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:20,800] INFO [ThrottledRequestReaper-Fetch]: Starting (kafka.server.ClientQuotaManager$ThrottledRequestReaper)", + "offset": 1438 + }, + { + "@timestamp": "2017-08-04T10:48:20.866Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.log.LogManager", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Log directory '/tmp/kafka-logs' not found, creating it.", + "message": "[2017-08-04 10:48:20,866] INFO Log directory '/tmp/kafka-logs' not found, creating it. (kafka.log.LogManager)", + "offset": 1567 + }, + { + "@timestamp": "2017-08-04T10:48:20.873Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.log.LogManager", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Loading logs.", + "message": "[2017-08-04 10:48:20,873] INFO Loading logs. 
(kafka.log.LogManager)", + "offset": 1677 + }, + { + "@timestamp": "2017-08-04T10:48:21.062Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper", + "kafka.log.component": "ExpirationReaper-0-Heartbeat", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:21,062] INFO [ExpirationReaper-0-Heartbeat]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)", + "offset": 1745 + }, + { + "@timestamp": "2017-08-04T10:48:21.063Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.utils.ZKCheckedEphemeral", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Result of znode creation is: OK", + "message": "[2017-08-04 10:48:21,063] INFO Result of znode creation is: OK (kafka.utils.ZKCheckedEphemeral)", + "offset": 1881 + }, + { + "@timestamp": "2017-08-04T10:48:21.095Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", + "kafka.log.component": "Group Metadata Manager on Broker 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Removed 0 expired offsets in 1 milliseconds.", + "message": "[2017-08-04 10:48:21,095] INFO [Group Metadata Manager on Broker 0]: Removed 0 expired offsets in 1 milliseconds. 
(kafka.coordinator.group.GroupMetadataManager)", + "offset": 1977 + }, + { + "@timestamp": "2017-08-04T10:48:21.127Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.transaction.ProducerIdManager", + "kafka.log.component": "ProducerId Manager 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Acquired new producerId block (brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1", + "message": "[2017-08-04 10:48:21,127] INFO [ProducerId Manager 0]: Acquired new producerId block (brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1 (kafka.coordinator.transaction.ProducerIdManager)", + "offset": 2138 + }, + { + "@timestamp": "2017-08-04T10:48:21.162Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.transaction.TransactionCoordinator", + "kafka.log.component": "Transaction Coordinator 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting up.", + "message": "[2017-08-04 10:48:21,162] INFO [Transaction Coordinator 0]: Starting up. (kafka.coordinator.transaction.TransactionCoordinator)", + "offset": 2369 + }, + { + "@timestamp": "2017-08-04T10:48:21.167Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.transaction.TransactionMarkerChannelManager", + "kafka.log.component": "Transaction Marker Channel Manager 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:21,167] INFO [Transaction Marker Channel Manager 0]: Starting (kafka.coordinator.transaction.TransactionMarkerChannelManager)", + "offset": 2497 } -] \ No newline at end of file +] 
diff --git a/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json b/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json
index be011b17d237..f87d9378c571 100644
--- a/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json
+++ b/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json
@@ -1,15 +1,14 @@ [ { - "@timestamp": "2018-07-16T10:17:06.489Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "state.change.logger", - "kafka.log.component": "Broker id=30", - "kafka.log.level": "TRACE", - "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8", - "message": "[2018-07-16 10:17:06,489] TRACE [Broker id=30] Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8 (state.change.logger)", - "offset": 0, - "prospector.type": "log" + "@timestamp": "2018-07-16T10:17:06.489Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "state.change.logger", + "kafka.log.component": "Broker id=30", + "kafka.log.level": "TRACE", + "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8", + "message": "[2018-07-16 10:17:06,489] TRACE [Broker id=30] Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8 (state.change.logger)", + "offset": 0 } -] \ No newline at end of file +] 
diff --git a/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json b/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json
index 3cfb112c20e5..18311a4dd206 100644
--- a/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json
+++ b/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json
@@ -1,18 +1,17 @@ [ { - "@timestamp": "2018-10-31T15:09:30.451Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "state.change.logger", - "kafka.log.component": "Broker id=20", - "kafka.log.level": "TRACE", - "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146", + "@timestamp": "2018-10-31T15:09:30.451Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "state.change.logger", + "kafka.log.component": "Broker id=20", + "kafka.log.level": "TRACE", + "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146", "log.flags": [ "multiline" - ], - "message": "[2018-10-31 15:09:30,451] TRACE [Broker id=20] Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146 (state.change.logger)\n", - "offset": 0, - "prospector.type": "log" + ], + "message": "[2018-10-31 15:09:30,451] TRACE [Broker id=20] Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146 (state.change.logger)\n", + "offset": 0 } -] \ No newline at end of file +] 
diff --git a/filebeat/module/kafka/log/test/state-change.log-expected.json b/filebeat/module/kafka/log/test/state-change.log-expected.json index f6c4112aa1ae..b81ce0c62d85 100644 --- a/filebeat/module/kafka/log/test/state-change.log-expected.json +++ b/filebeat/module/kafka/log/test/state-change.log-expected.json @@ -1,15 +1,14 @@ [ { - "@timestamp": "2017-08-04T10:48:21.428Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "state.change.logger", - "kafka.log.component": "unknown", - "kafka.log.level": "TRACE", - "kafka.log.message": "Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null)", - "message": "[2017-08-04 10:48:21,428] TRACE Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null) (state.change.logger)", - "offset": 0, - "prospector.type": "log" + "@timestamp": "2017-08-04T10:48:21.428Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "state.change.logger", + "kafka.log.component": "unknown", + "kafka.log.level": "TRACE", + "kafka.log.message": "Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null)", + "message": "[2017-08-04 10:48:21,428] TRACE Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null) (state.change.logger)", + "offset": 0 } -] \ No newline at end of file +] diff --git a/filebeat/module/kibana/log/manifest.yml b/filebeat/module/kibana/log/manifest.yml index 6b4e75470adc..b0286823a807 100644 --- a/filebeat/module/kibana/log/manifest.yml +++ b/filebeat/module/kibana/log/manifest.yml @@ -6,4 +6,4 @@ var: - /var/log/kibana/kibana.stdout ingest_pipeline: ingest/pipeline.json -prospector: config/log.yml +input: config/log.yml 
diff --git a/filebeat/module/kibana/log/test/test.log-expected.json b/filebeat/module/kibana/log/test/test.log-expected.json
index 614014610225..82238373a4c0 100644
--- a/filebeat/module/kibana/log/test/test.log-expected.json
+++ b/filebeat/module/kibana/log/test/test.log-expected.json
@@ -1,75 +1,72 @@ [ { - "@timestamp": "2018-05-09T10:57:55.000Z", - "fileset.module": "kibana", - "fileset.name": "log", - "http.request.method": "get", - "http.response.content_length": 9, - "http.response.elapsed_time": 26, - "http.response.status_code": 304, - "input.type": "log", - "kibana.log.meta.method": "get", - "kibana.log.meta.req.headers.accept": "*/*", - "kibana.log.meta.req.headers.accept-encoding": "gzip, deflate, br", - "kibana.log.meta.req.headers.accept-language": "en-US,en;q=0.9,de;q=0.8", - "kibana.log.meta.req.headers.connection": "keep-alive", - "kibana.log.meta.req.headers.host": "localhost:5601", - "kibana.log.meta.req.headers.if-modified-since": "Thu, 03 May 2018 09:45:28 GMT", - "kibana.log.meta.req.headers.if-none-match": "\"24234c1c81b3948758c1a0be8e5a65386ca94c52\"", - "kibana.log.meta.req.headers.origin": "http://localhost:5601", - "kibana.log.meta.req.headers.referer": "http://localhost:5601/app/kibana", - "kibana.log.meta.req.headers.user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36", - "kibana.log.meta.req.referer": "http://localhost:5601/app/kibana", - "kibana.log.meta.req.remoteAddress": "127.0.0.1", - "kibana.log.meta.req.url": "/ui/fonts/open_sans/open_sans_v15_latin_600.woff2", - "kibana.log.meta.req.userAgent": "127.0.0.1", - "kibana.log.meta.statusCode": 304, - "kibana.log.meta.type": "response", - "kibana.log.tags": [], - "message": "GET /ui/fonts/open_sans/open_sans_v15_latin_600.woff2 304 26ms - 9.0B", - "offset": 0, - "process.pid": 69410, - "prospector.type": "log", + "@timestamp": "2018-05-09T10:57:55.000Z", + "fileset.module": "kibana", + "fileset.name": "log", + "http.request.method": "get", + "http.response.content_length": 9, + "http.response.elapsed_time": 26, + "http.response.status_code": 304, + "input.type": "log", + "kibana.log.meta.method": "get", + "kibana.log.meta.req.headers.accept": "*/*", + 
"kibana.log.meta.req.headers.accept-encoding": "gzip, deflate, br", + "kibana.log.meta.req.headers.accept-language": "en-US,en;q=0.9,de;q=0.8", + "kibana.log.meta.req.headers.connection": "keep-alive", + "kibana.log.meta.req.headers.host": "localhost:5601", + "kibana.log.meta.req.headers.if-modified-since": "Thu, 03 May 2018 09:45:28 GMT", + "kibana.log.meta.req.headers.if-none-match": "\"24234c1c81b3948758c1a0be8e5a65386ca94c52\"", + "kibana.log.meta.req.headers.origin": "http://localhost:5601", + "kibana.log.meta.req.headers.referer": "http://localhost:5601/app/kibana", + "kibana.log.meta.req.headers.user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36", + "kibana.log.meta.req.referer": "http://localhost:5601/app/kibana", + "kibana.log.meta.req.remoteAddress": "127.0.0.1", + "kibana.log.meta.req.url": "/ui/fonts/open_sans/open_sans_v15_latin_600.woff2", + "kibana.log.meta.req.userAgent": "127.0.0.1", + "kibana.log.meta.statusCode": 304, + "kibana.log.meta.type": "response", + "kibana.log.tags": [], + "message": "GET /ui/fonts/open_sans/open_sans_v15_latin_600.woff2 304 26ms - 9.0B", + "offset": 0, + "process.pid": 69410, "service.name": [ "kibana" ] - }, + }, { - "@timestamp": "2018-05-09T10:59:12.000Z", - "fileset.module": "kibana", - "fileset.name": "log", - "input.type": "log", - "kibana.log.meta.type": "log", + "@timestamp": "2018-05-09T10:59:12.000Z", + "fileset.module": "kibana", + "fileset.name": "log", + "input.type": "log", + "kibana.log.meta.type": "log", "kibana.log.tags": [ - "debug", - "monitoring-ui", + "debug", + "monitoring-ui", "kibana-monitoring" - ], - "message": "Fetching data from kibana_stats collector", - "offset": 920, - "process.pid": 69776, - "prospector.type": "log", + ], + "message": "Fetching data from kibana_stats collector", + "offset": 920, + "process.pid": 69776, "service.name": [ "kibana" ] - }, + }, { - "@timestamp": "2018-05-09T10:59:12.000Z", - 
"fileset.module": "kibana", - "fileset.name": "log", - "input.type": "log", - "kibana.log.meta.type": "log", + "@timestamp": "2018-05-09T10:59:12.000Z", + "fileset.module": "kibana", + "fileset.name": "log", + "input.type": "log", + "kibana.log.meta.type": "log", "kibana.log.tags": [ - "reporting", - "debug", + "reporting", + "debug", "exportTypes" - ], - "message": "Found exportType at /Users/ruflin/Downloads/6.3/kibana-6.3.0-darwin-x86_64/node_modules/x-pack/plugins/reporting/export_types/csv/server/index.js", - "offset": 1090, - "process.pid": 69776, - "prospector.type": "log", + ], + "message": "Found exportType at /Users/ruflin/Downloads/6.3/kibana-6.3.0-darwin-x86_64/node_modules/x-pack/plugins/reporting/export_types/csv/server/index.js", + "offset": 1090, + "process.pid": 69776, "service.name": [ "kibana" ] } -] \ No newline at end of file +] diff --git a/filebeat/module/logstash/log/test/logstash-plain.log-expected.json b/filebeat/module/logstash/log/test/logstash-plain.log-expected.json index c14a53e54e17..acf355b38d15 100644 --- a/filebeat/module/logstash/log/test/logstash-plain.log-expected.json +++ b/filebeat/module/logstash/log/test/logstash-plain.log-expected.json 
@@ -1,27 +1,25 @@ [ { - "@timestamp": "2017-10-23T14:20:12,046", - "fileset.module": "logstash", - "fileset.name": "log", - "input.type": "log", - "logstash.log.level": "INFO", - "logstash.log.message": "Initializing module {:module_name=>\"fb_apache\", :directory=>\"/usr/share/logstash/modules/fb_apache/configuration\"}", - "logstash.log.module": "logstash.modules.scaffold", - "offset": 0, - "prospector.type": "log" - }, + "@timestamp": "2017-10-23T14:20:12,046", + "fileset.module": "logstash", + "fileset.name": "log", + "input.type": "log", + "logstash.log.level": "INFO", + "logstash.log.message": "Initializing module {:module_name=>\"fb_apache\", :directory=>\"/usr/share/logstash/modules/fb_apache/configuration\"}", + "logstash.log.module": "logstash.modules.scaffold", + "offset": 0 + }, { - "@timestamp": "2017-11-20T03:55:00,318", - "fileset.module": "logstash", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-11-20T03:55:00,318", + "fileset.module": "logstash", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "logstash.log.level": "INFO", - "logstash.log.message": "(0.058950s) Select Name as [person.name]\n, Address as [person.address]\nfrom people\n", - "logstash.log.module": "logstash.inputs.jdbc ", - "offset": 175, - "prospector.type": "log" + ], + "logstash.log.level": "INFO", + "logstash.log.message": "(0.058950s) Select Name as [person.name]\n, Address as [person.address]\nfrom people\n", + "logstash.log.module": "logstash.inputs.jdbc ", + "offset": 175 } -] \ No newline at end of file +] diff --git a/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json b/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json index 835106bf9756..debd784181ed 100644 --- a/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json +++ b/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json 
@@ -1,19 +1,18 @@ [ { - "@timestamp": "2017-10-30T09:57:58,243", - "fileset.module": "logstash", - "fileset.name": "slowlog", - "input.type": "log", - "logstash.slowlog.event": "\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"", - "logstash.slowlog.level": "WARN", - "logstash.slowlog.message": "event processing time {:plugin_params=>{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}, :took_in_nanos=>3027675106, :took_in_millis=>3027, :event=>\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"}", - "logstash.slowlog.module": "slowlog.logstash.filters.sleep", - "logstash.slowlog.plugin_name": "sleep", - "logstash.slowlog.plugin_params": "{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}", - "logstash.slowlog.plugin_type": "filters", - "logstash.slowlog.took_in_millis": 3027, - "logstash.slowlog.took_in_nanos": 3027675106, - "offset": 0, - "prospector.type": "log" + "@timestamp": "2017-10-30T09:57:58,243", + "fileset.module": "logstash", + "fileset.name": "slowlog", + "input.type": "log", + "logstash.slowlog.event": "\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"", + "logstash.slowlog.level": "WARN", + "logstash.slowlog.message": "event processing time {:plugin_params=>{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}, :took_in_nanos=>3027675106, :took_in_millis=>3027, :event=>\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"}", + "logstash.slowlog.module": 
"slowlog.logstash.filters.sleep", + "logstash.slowlog.plugin_name": "sleep", + "logstash.slowlog.plugin_params": "{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}", + "logstash.slowlog.plugin_type": "filters", + "logstash.slowlog.took_in_millis": 3027, + "logstash.slowlog.took_in_nanos": 3027675106, + "offset": 0 } -] \ No newline at end of file +] diff --git a/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json b/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json index f0cd77888db4..612f5487e3ab 100644 --- a/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json +++ b/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json 
@@ -1,410 +1,376 @@ [ { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "git version: 009580ad490190ba33d1c6253ebd8d91808923e4", - "mongodb.log.severity": "I", - "offset": 0, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "modules: none", - "mongodb.log.severity": "I", - "offset": 110, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "OpenSSL version: OpenSSL 1.0.2l 25 May 2017", - "mongodb.log.severity": "I", - "offset": 180, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.677Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "STORAGE", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "wiredtiger_open config: create,cache_size=8G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),", - "mongodb.log.severity": "I", - "offset": 281, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.724Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "FTDC", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "Initializing full-time diagnostic data capture with directory 
'/var/lib/mongodb/diagnostic.data'", - "mongodb.log.severity": "I", - "offset": 621, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.724Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "HostnameCanonicalizationWorker", - "mongodb.log.message": "Starting hostname canonicalization worker", - "mongodb.log.severity": "I", - "offset": 774, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.744Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "waiting for connections on port 27017", - "mongodb.log.severity": "I", - "offset": 889, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:50:55.170Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn1", - "mongodb.log.message": "end connection 127.0.0.1:55404 (0 connections now open)", - "mongodb.log.severity": "I", - "offset": 983, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:50:55.487Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted from 127.0.0.1:55406 #2 (1 connection now open)", - "mongodb.log.severity": "I", - "offset": 1087, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "now exiting", - "mongodb.log.severity": "I", - "offset": 1211, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": 
"mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "closing listening socket: 7", - "mongodb.log.severity": "I", - "offset": 1288, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "removing socket file: /run/mongodb/mongodb-27017.sock", - "mongodb.log.severity": "I", - "offset": 1381, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: going to flush diaglog...", - "mongodb.log.severity": "I", - "offset": 1500, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: going to close sockets...", - "mongodb.log.severity": "I", - "offset": 1601, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.688Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "STORAGE", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: removing fs lock...", - "mongodb.log.severity": "I", - "offset": 1702, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "db version v3.2.11", - 
"mongodb.log.severity": "I", - "offset": 1797, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "build environment:", - "mongodb.log.severity": "I", - "offset": 1872, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": " distarch: x86_64", - "mongodb.log.severity": "I", - "offset": 1947, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "options: { config: \"/etc/mongodb.conf\", net: { bindIp: \"127.0.0.1\", unixDomainSocket: { pathPrefix: \"/run/mongodb\" } }, storage: { dbPath: \"/var/lib/mongodb\", journal: { enabled: true } }, systemLog: { destination: \"file\", logAppend: true, path: \"/var/log/mongodb/mongodb.log\" } }", - "mongodb.log.severity": "I", - "offset": 2024, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:50:55.170Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted from 127.0.0.1:55404 #1 (1 connection now open)", - "mongodb.log.severity": "I", - "offset": 2361, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:50:56.180Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn3", - "mongodb.log.message": "end connection 127.0.0.1:55414 (0 
connections now open)", - "mongodb.log.severity": "I", - "offset": 2485, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:15:42.095Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn4", - "mongodb.log.message": "end connection 127.0.0.1:58336 (0 connections now open)", - "mongodb.log.severity": "I", - "offset": 2589, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: going to close listening sockets...", - "mongodb.log.severity": "I", - "offset": 2693, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "STORAGE", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "WiredTigerKVEngine shutting down", - "mongodb.log.severity": "I", - "offset": 2804, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.688Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "dbexit: rc: 0", - "mongodb.log.severity": "I", - "offset": 2902, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "MongoDB starting : pid=29803 port=27017 dbpath=/var/lib/mongodb 64-bit host=sleipnir", - "mongodb.log.severity": "I", - "offset": 2982, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - 
"fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "allocator: tcmalloc", - "mongodb.log.severity": "I", - "offset": 3123, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": " target_arch: x86_64", - "mongodb.log.severity": "I", - "offset": 3199, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:50:55.487Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn2", - "mongodb.log.message": "end connection 127.0.0.1:55406 (0 connections now open)", - "mongodb.log.severity": "I", - "offset": 3279, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T12:50:56.180Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted from 127.0.0.1:55414 #3 (1 connection now open)", - "mongodb.log.severity": "I", - "offset": 3383, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:11:41.401Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted from 127.0.0.1:58336 #4 (1 connection now open)", - "mongodb.log.severity": "I", - "offset": 3507, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.605Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": 
"got signal 15 (Terminated), will terminate after current cmd ends", - "mongodb.log.severity": "I", - "offset": 3631, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.605Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "FTDC", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "Shutting down full-time diagnostic data capture", - "mongodb.log.severity": "I", - "offset": 3762, - "prospector.type": "log" - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "closing listening socket: 6", - "mongodb.log.severity": "I", - "offset": 3875, - "prospector.type": "log" + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "git version: 009580ad490190ba33d1c6253ebd8d91808923e4", + "mongodb.log.severity": "I", + "offset": 0 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "modules: none", + "mongodb.log.severity": "I", + "offset": 110 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "OpenSSL version: OpenSSL 1.0.2l 25 May 2017", + "mongodb.log.severity": "I", + "offset": 180 + }, + { + "@timestamp": "2018-02-05T12:44:56.677Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "STORAGE", 
+ "mongodb.log.context": "initandlisten", + "mongodb.log.message": "wiredtiger_open config: create,cache_size=8G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),", + "mongodb.log.severity": "I", + "offset": 281 + }, + { + "@timestamp": "2018-02-05T12:44:56.724Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "FTDC", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'", + "mongodb.log.severity": "I", + "offset": 621 + }, + { + "@timestamp": "2018-02-05T12:44:56.724Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "HostnameCanonicalizationWorker", + "mongodb.log.message": "Starting hostname canonicalization worker", + "mongodb.log.severity": "I", + "offset": 774 + }, + { + "@timestamp": "2018-02-05T12:44:56.744Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "waiting for connections on port 27017", + "mongodb.log.severity": "I", + "offset": 889 + }, + { + "@timestamp": "2018-02-05T12:50:55.170Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn1", + "mongodb.log.message": "end connection 127.0.0.1:55404 (0 connections now open)", + "mongodb.log.severity": "I", + "offset": 983 + }, + { + "@timestamp": "2018-02-05T12:50:55.487Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", 
+ "mongodb.log.message": "connection accepted from 127.0.0.1:55406 #2 (1 connection now open)", + "mongodb.log.severity": "I", + "offset": 1087 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "now exiting", + "mongodb.log.severity": "I", + "offset": 1211 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "closing listening socket: 7", + "mongodb.log.severity": "I", + "offset": 1288 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "removing socket file: /run/mongodb/mongodb-27017.sock", + "mongodb.log.severity": "I", + "offset": 1381 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "shutdown: going to flush diaglog...", + "mongodb.log.severity": "I", + "offset": 1500 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "shutdown: going to close sockets...", + "mongodb.log.severity": "I", + "offset": 1601 + }, + { + "@timestamp": "2018-02-05T13:49:45.688Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "STORAGE", + "mongodb.log.context": 
"signalProcessingThread", + "mongodb.log.message": "shutdown: removing fs lock...", + "mongodb.log.severity": "I", + "offset": 1702 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "db version v3.2.11", + "mongodb.log.severity": "I", + "offset": 1797 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "build environment:", + "mongodb.log.severity": "I", + "offset": 1872 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": " distarch: x86_64", + "mongodb.log.severity": "I", + "offset": 1947 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "options: { config: \"/etc/mongodb.conf\", net: { bindIp: \"127.0.0.1\", unixDomainSocket: { pathPrefix: \"/run/mongodb\" } }, storage: { dbPath: \"/var/lib/mongodb\", journal: { enabled: true } }, systemLog: { destination: \"file\", logAppend: true, path: \"/var/log/mongodb/mongodb.log\" } }", + "mongodb.log.severity": "I", + "offset": 2024 + }, + { + "@timestamp": "2018-02-05T12:50:55.170Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "connection accepted from 127.0.0.1:55404 #1 (1 connection now open)", + "mongodb.log.severity": "I", + "offset": 2361 + }, + { + 
"@timestamp": "2018-02-05T12:50:56.180Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn3", + "mongodb.log.message": "end connection 127.0.0.1:55414 (0 connections now open)", + "mongodb.log.severity": "I", + "offset": 2485 + }, + { + "@timestamp": "2018-02-05T13:15:42.095Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn4", + "mongodb.log.message": "end connection 127.0.0.1:58336 (0 connections now open)", + "mongodb.log.severity": "I", + "offset": 2589 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "shutdown: going to close listening sockets...", + "mongodb.log.severity": "I", + "offset": 2693 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "STORAGE", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "WiredTigerKVEngine shutting down", + "mongodb.log.severity": "I", + "offset": 2804 + }, + { + "@timestamp": "2018-02-05T13:49:45.688Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "dbexit: rc: 0", + "mongodb.log.severity": "I", + "offset": 2902 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "MongoDB starting : pid=29803 port=27017 dbpath=/var/lib/mongodb 64-bit host=sleipnir", + "mongodb.log.severity": 
"I", + "offset": 2982 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "allocator: tcmalloc", + "mongodb.log.severity": "I", + "offset": 3123 + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": " target_arch: x86_64", + "mongodb.log.severity": "I", + "offset": 3199 + }, + { + "@timestamp": "2018-02-05T12:50:55.487Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn2", + "mongodb.log.message": "end connection 127.0.0.1:55406 (0 connections now open)", + "mongodb.log.severity": "I", + "offset": 3279 + }, + { + "@timestamp": "2018-02-05T12:50:56.180Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "connection accepted from 127.0.0.1:55414 #3 (1 connection now open)", + "mongodb.log.severity": "I", + "offset": 3383 + }, + { + "@timestamp": "2018-02-05T13:11:41.401Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "connection accepted from 127.0.0.1:58336 #4 (1 connection now open)", + "mongodb.log.severity": "I", + "offset": 3507 + }, + { + "@timestamp": "2018-02-05T13:49:45.605Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "got signal 15 (Terminated), will terminate after current cmd 
ends", + "mongodb.log.severity": "I", + "offset": 3631 + }, + { + "@timestamp": "2018-02-05T13:49:45.605Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "FTDC", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "Shutting down full-time diagnostic data capture", + "mongodb.log.severity": "I", + "offset": 3762 + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "closing listening socket: 6", + "mongodb.log.severity": "I", + "offset": 3875 } -] \ No newline at end of file +] diff --git a/filebeat/module/nginx/access/test/test.log-expected.json b/filebeat/module/nginx/access/test/test.log-expected.json index 174509327cfa..2731df9b0864 100644 --- a/filebeat/module/nginx/access/test/test.log-expected.json +++ b/filebeat/module/nginx/access/test/test.log-expected.json 
@@ -1,218 +1,211 @@ [ { - "@timestamp": "2016-12-07T10:05:07.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "571", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "10.0.0.2", + "@timestamp": "2016-12-07T10:05:07.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "571", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "10.0.0.2", "nginx.access.remote_ip_list": [ - "10.0.0.2", - "10.0.0.1", + "10.0.0.2", + "10.0.0.1", "127.0.0.1" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/ocelot", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "49", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox", - "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", - "nginx.access.user_agent.os": "Mac OS X 10.12", - "nginx.access.user_agent.os_major": "10", - "nginx.access.user_agent.os_minor": "12", - "nginx.access.user_agent.os_name": "Mac OS X", - "nginx.access.user_name": "-", - "offset": 0, - "prospector.type": "log" - }, + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/ocelot", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.major": "49", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox", + "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", + "nginx.access.user_agent.os": "Mac OS X 10.12", + "nginx.access.user_agent.os_major": "10", + "nginx.access.user_agent.os_minor": "12", + "nginx.access.user_agent.os_name": "Mac OS X", + "nginx.access.user_name": "-", + "offset": 0 + }, { - 
"@timestamp": "2017-05-29T19:02:48.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "612", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "172.17.0.1", + "@timestamp": "2017-05-29T19:02:48.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "612", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "172.17.0.1", "nginx.access.remote_ip_list": [ "172.17.0.1" - ], - "nginx.access.response_code": "404", - "nginx.access.url": "/stringpatch", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "15", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox Alpha", - "nginx.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", - "nginx.access.user_agent.os": "Windows 7", - "nginx.access.user_agent.os_name": "Windows 7", - "nginx.access.user_agent.patch": "a2", - "nginx.access.user_name": "-", - "offset": 183, - "prospector.type": "log" - }, + ], + "nginx.access.response_code": "404", + "nginx.access.url": "/stringpatch", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.major": "15", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox Alpha", + "nginx.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", + "nginx.access.user_agent.os": "Windows 7", + "nginx.access.user_agent.os_name": "Windows 7", + "nginx.access.user_agent.patch": "a2", + "nginx.access.user_name": "-", + "offset": 183 + }, { - "@timestamp": "2016-12-07T10:05:07.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "571", - 
"nginx.access.geoip.city_name": "Berlin", - "nginx.access.geoip.continent_name": "Europe", - "nginx.access.geoip.country_iso_code": "DE", - "nginx.access.geoip.location.lat": 52.4908, - "nginx.access.geoip.location.lon": 13.3275, - "nginx.access.geoip.region_iso_code": "DE-BE", - "nginx.access.geoip.region_name": "Land Berlin", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "85.181.35.98", + "@timestamp": "2016-12-07T10:05:07.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "571", + "nginx.access.geoip.city_name": "Berlin", + "nginx.access.geoip.continent_name": "Europe", + "nginx.access.geoip.country_iso_code": "DE", + "nginx.access.geoip.location.lat": 52.4908, + "nginx.access.geoip.location.lon": 13.3275, + "nginx.access.geoip.region_iso_code": "DE-BE", + "nginx.access.geoip.region_name": "Land Berlin", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "85.181.35.98", "nginx.access.remote_ip_list": [ - "10.0.0.2", - "10.0.0.1", + "10.0.0.2", + "10.0.0.1", "85.181.35.98" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/ocelot", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "49", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox", - "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", - "nginx.access.user_agent.os": "Mac OS X 10.12", - "nginx.access.user_agent.os_major": "10", - "nginx.access.user_agent.os_minor": "12", - "nginx.access.user_agent.os_name": "Mac OS X", - "nginx.access.user_name": "-", - "offset": 341, - "prospector.type": "log" - }, + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/ocelot", + "nginx.access.user_agent.device": "Other", + 
"nginx.access.user_agent.major": "49", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox", + "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", + "nginx.access.user_agent.os": "Mac OS X 10.12", + "nginx.access.user_agent.os_major": "10", + "nginx.access.user_agent.os_minor": "12", + "nginx.access.user_agent.os_name": "Mac OS X", + "nginx.access.user_name": "-", + "offset": 341 + }, { - "@timestamp": "2016-12-07T10:05:07.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "571", - "nginx.access.geoip.city_name": "Berlin", - "nginx.access.geoip.continent_name": "Europe", - "nginx.access.geoip.country_iso_code": "DE", - "nginx.access.geoip.location.lat": 52.4908, - "nginx.access.geoip.location.lon": 13.3275, - "nginx.access.geoip.region_iso_code": "DE-BE", - "nginx.access.geoip.region_name": "Land Berlin", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "85.181.35.98", + "@timestamp": "2016-12-07T10:05:07.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "571", + "nginx.access.geoip.city_name": "Berlin", + "nginx.access.geoip.continent_name": "Europe", + "nginx.access.geoip.country_iso_code": "DE", + "nginx.access.geoip.location.lat": 52.4908, + "nginx.access.geoip.location.lon": 13.3275, + "nginx.access.geoip.region_iso_code": "DE-BE", + "nginx.access.geoip.region_name": "Land Berlin", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "85.181.35.98", "nginx.access.remote_ip_list": [ "85.181.35.98" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/ocelot", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "49", - 
"nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox", - "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", - "nginx.access.user_agent.os": "Mac OS X 10.12", - "nginx.access.user_agent.os_major": "10", - "nginx.access.user_agent.os_minor": "12", - "nginx.access.user_agent.os_name": "Mac OS X", - "nginx.access.user_name": "-", - "offset": 527, - "prospector.type": "log" - }, + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/ocelot", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.major": "49", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox", + "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", + "nginx.access.user_agent.os": "Mac OS X 10.12", + "nginx.access.user_agent.os_major": "10", + "nginx.access.user_agent.os_minor": "12", + "nginx.access.user_agent.os_name": "Mac OS X", + "nginx.access.user_name": "-", + "offset": 527 + }, { - "@timestamp": "2016-01-22T13:18:29.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "25507", - "nginx.access.geoip.city_name": "Springfield", - "nginx.access.geoip.continent_name": "North America", - "nginx.access.geoip.country_iso_code": "US", - "nginx.access.geoip.location.lat": 39.772, - "nginx.access.geoip.location.lon": -89.6859, - "nginx.access.geoip.region_iso_code": "US-IL", - "nginx.access.geoip.region_name": "Illinois", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "199.96.1.1", + "@timestamp": "2016-01-22T13:18:29.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "25507", + "nginx.access.geoip.city_name": "Springfield", + "nginx.access.geoip.continent_name": 
"North America", + "nginx.access.geoip.country_iso_code": "US", + "nginx.access.geoip.location.lat": 39.772, + "nginx.access.geoip.location.lon": -89.6859, + "nginx.access.geoip.region_iso_code": "US-IL", + "nginx.access.geoip.region_name": "Illinois", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "199.96.1.1", "nginx.access.remote_ip_list": [ - "10.5.102.222", - "199.96.1.1", - "204.246.1.1", + "10.5.102.222", + "199.96.1.1", + "204.246.1.1", "10.2.1.185" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/assets/xxxx?q=100", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.name": "Other", - "nginx.access.user_agent.original": "Amazon CloudFront", - "nginx.access.user_agent.os": "Other", - "nginx.access.user_agent.os_name": "Other", - "nginx.access.user_name": "-", - "offset": 693, - "prospector.type": "log" - }, + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/assets/xxxx?q=100", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.name": "Other", + "nginx.access.user_agent.original": "Amazon CloudFront", + "nginx.access.user_agent.os": "Other", + "nginx.access.user_agent.os_name": "Other", + "nginx.access.user_name": "-", + "offset": 693 + }, { - "@timestamp": "2016-12-30T06:47:09.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "8571", - "nginx.access.geoip.continent_name": "Europe", - "nginx.access.geoip.country_iso_code": "PT", - "nginx.access.geoip.location.lat": 39.5, - "nginx.access.geoip.location.lon": -8.0, - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", + "@timestamp": "2016-12-30T06:47:09.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + 
"nginx.access.body_sent.bytes": "8571", + "nginx.access.geoip.continent_name": "Europe", + "nginx.access.geoip.country_iso_code": "PT", + "nginx.access.geoip.location.lat": 39.5, + "nginx.access.geoip.location.lon": -8.0, + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", "nginx.access.remote_ip_list": [ - "2a03:0000:10ff:f00f:0000:0000:0:8000", - "10.225.192.17", + "2a03:0000:10ff:f00f:0000:0000:0:8000", + "10.225.192.17", "10.2.2.121" - ], - "nginx.access.response_code": "404", - "nginx.access.url": "/test.html", - "nginx.access.user_agent.device": "Spider", - "nginx.access.user_agent.major": "1", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Facebot", - "nginx.access.user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)", - "nginx.access.user_agent.os": "Other", - "nginx.access.user_agent.os_name": "Other", - "nginx.access.user_name": "-", - "offset": 845, - "prospector.type": "log" - }, + ], + "nginx.access.response_code": "404", + "nginx.access.url": "/test.html", + "nginx.access.user_agent.device": "Spider", + "nginx.access.user_agent.major": "1", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Facebot", + "nginx.access.user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)", + "nginx.access.user_agent.os": "Other", + "nginx.access.user_agent.os_name": "Other", + "nginx.access.user_name": "-", + "offset": 845 + }, { - "@timestamp": "2018-04-12T07:48:40.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "0", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "127.0.0.1", + "@timestamp": "2018-04-12T07:48:40.000Z", + "fileset.module": "nginx", + "fileset.name": "access", 
+ "input.type": "log", + "nginx.access.body_sent.bytes": "0", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "127.0.0.1", "nginx.access.remote_ip_list": [ "127.0.0.1" - ], - "nginx.access.response_code": "400", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.name": "Other", - "nginx.access.user_agent.original": "-", - "nginx.access.user_agent.os": "Other", - "nginx.access.user_agent.os_name": "Other", - "nginx.access.user_name": "-", - "offset": 1085, - "prospector.type": "log" + ], + "nginx.access.response_code": "400", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.name": "Other", + "nginx.access.user_agent.original": "-", + "nginx.access.user_agent.os": "Other", + "nginx.access.user_agent.os_name": "Other", + "nginx.access.user_name": "-", + "offset": 1085 } -] \ No newline at end of file +] diff --git a/filebeat/module/nginx/error/test/error.log-expected.json b/filebeat/module/nginx/error/test/error.log-expected.json index a2ded7a88b81..73dfd9ef8e3f 100644 --- a/filebeat/module/nginx/error/test/error.log-expected.json +++ b/filebeat/module/nginx/error/test/error.log-expected.json 
@@ -1,28 +1,26 @@ [ { - "@timestamp": "2016-10-25T14:49:34.000Z", - "fileset.module": "nginx", - "fileset.name": "error", - "input.type": "log", - "nginx.error.connection_id": "1", - "nginx.error.level": "error", - "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/favicon.ico\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"localhost:8080\", referrer: \"http://localhost:8080/\"", - "nginx.error.pid": "54053", - "nginx.error.tid": "0", - "offset": 0, - "prospector.type": "log" - }, + "@timestamp": "2016-10-25T14:49:34.000Z", + "fileset.module": "nginx", + "fileset.name": "error", + "input.type": "log", + "nginx.error.connection_id": "1", + "nginx.error.level": "error", + "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/favicon.ico\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"localhost:8080\", referrer: \"http://localhost:8080/\"", + "nginx.error.pid": "54053", + "nginx.error.tid": "0", + "offset": 0 + }, { - "@timestamp": "2016-10-25T14:50:44.000Z", - "fileset.module": "nginx", - "fileset.name": "error", - "input.type": "log", - "nginx.error.connection_id": "3", - "nginx.error.level": "error", - "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /adsasd HTTP/1.1\", host: \"localhost:8080\"", - "nginx.error.pid": "54053", - "nginx.error.tid": "0", - "offset": 273, - "prospector.type": "log" + "@timestamp": "2016-10-25T14:50:44.000Z", + "fileset.module": "nginx", + "fileset.name": "error", + "input.type": "log", + "nginx.error.connection_id": "3", + "nginx.error.level": "error", + "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET 
/adsasd HTTP/1.1\", host: \"localhost:8080\"", + "nginx.error.pid": "54053", + "nginx.error.tid": "0", + "offset": 273 } -] \ No newline at end of file +] diff --git a/filebeat/module/osquery/result/test/test.log-expected.json b/filebeat/module/osquery/result/test/test.log-expected.json index 64901ccec607..c6892cc64ce3 100644 --- a/filebeat/module/osquery/result/test/test.log-expected.json +++ b/filebeat/module/osquery/result/test/test.log-expected.json 
@@ -1,30 +1,29 @@ [ { - "@timestamp": "2017-12-28T14:40:08.000Z", - "fileset.module": "osquery", - "fileset.name": "result", - "input.type": "log", - "offset": 0, - "osquery.result.action": "removed", - "osquery.result.calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "osquery.result.columns.blocks": "122061322", - "osquery.result.columns.blocks_available": "75966945", - "osquery.result.columns.blocks_free": "121274885", - "osquery.result.columns.blocks_size": "4096", - "osquery.result.columns.device": "/dev/disk1s4", - "osquery.result.columns.device_alias": "/dev/disk1s4", - "osquery.result.columns.flags": "345018372", - "osquery.result.columns.inodes": "9223372036854775807", - "osquery.result.columns.inodes_free": "9223372036854775804", - "osquery.result.columns.path": "/private/var/vm", - "osquery.result.columns.type": "apfs", - "osquery.result.counter": "1", - "osquery.result.decorations.host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", - "osquery.result.decorations.username": "tsg", - "osquery.result.epoch": "0", - "osquery.result.host_identifier": "192-168-0-4.rdsnet.ro", - "osquery.result.name": "pack_it-compliance_mounts", - "osquery.result.unix_time": "1514472008", - "prospector.type": "log" + "@timestamp": "2017-12-28T14:40:08.000Z", + "fileset.module": "osquery", + "fileset.name": "result", + "input.type": "log", + "offset": 0, + "osquery.result.action": "removed", + "osquery.result.calendar_time": "Thu Dec 28 14:40:08 2017 UTC", + "osquery.result.columns.blocks": "122061322", + "osquery.result.columns.blocks_available": "75966945", + "osquery.result.columns.blocks_free": "121274885", + "osquery.result.columns.blocks_size": "4096", + "osquery.result.columns.device": "/dev/disk1s4", + "osquery.result.columns.device_alias": "/dev/disk1s4", + "osquery.result.columns.flags": "345018372", + "osquery.result.columns.inodes": "9223372036854775807", + "osquery.result.columns.inodes_free": "9223372036854775804", + "osquery.result.columns.path": 
"/private/var/vm", + "osquery.result.columns.type": "apfs", + "osquery.result.counter": "1", + "osquery.result.decorations.host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "osquery.result.decorations.username": "tsg", + "osquery.result.epoch": "0", + "osquery.result.host_identifier": "192-168-0-4.rdsnet.ro", + "osquery.result.name": "pack_it-compliance_mounts", + "osquery.result.unix_time": "1514472008" } -] \ No newline at end of file +] diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json index b17481ca76b3..2ba05c6cf45b 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json 
@@ -1,308 +1,290 @@ [ { - "@timestamp": "2017-07-31T13:36:42.585Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.585 CEST [4974] LOG: database system was shut down at 2017-06-17 16:58:04 CEST", - "offset": 0, - "postgresql.log.level": "LOG", - "postgresql.log.message": "database system was shut down at 2017-06-17 16:58:04 CEST", - "postgresql.log.thread_id": "4974", - "postgresql.log.timestamp": "2017-07-31 13:36:42.585", - "postgresql.log.timezone": "CEST", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:36:42.585Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.585 CEST [4974] LOG: database system was shut down at 2017-06-17 16:58:04 CEST", + "offset": 0, + "postgresql.log.level": "LOG", + "postgresql.log.message": "database system was shut down at 2017-06-17 16:58:04 CEST", + "postgresql.log.thread_id": "4974", + "postgresql.log.timestamp": "2017-07-31 13:36:42.585", + "postgresql.log.timezone": "CEST" + }, { - "@timestamp": "2017-07-31T13:36:42.605Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.605 CEST [4974] LOG: MultiXact member wraparound protections are now enabled", - "offset": 100, - "postgresql.log.level": "LOG", - "postgresql.log.message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.thread_id": "4974", - "postgresql.log.timestamp": "2017-07-31 13:36:42.605", - "postgresql.log.timezone": "CEST", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:36:42.605Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.605 CEST [4974] LOG: MultiXact member wraparound protections are now enabled", + "offset": 100, + "postgresql.log.level": "LOG", + "postgresql.log.message": "MultiXact member wraparound protections are now enabled", + 
"postgresql.log.thread_id": "4974", + "postgresql.log.timestamp": "2017-07-31 13:36:42.605", + "postgresql.log.timezone": "CEST" + }, { - "@timestamp": "2017-07-31T13:36:42.615Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.615 CEST [4978] LOG: autovacuum launcher started", - "offset": 198, - "postgresql.log.level": "LOG", - "postgresql.log.message": "autovacuum launcher started", - "postgresql.log.thread_id": "4978", - "postgresql.log.timestamp": "2017-07-31 13:36:42.615", - "postgresql.log.timezone": "CEST", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:36:42.615Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.615 CEST [4978] LOG: autovacuum launcher started", + "offset": 198, + "postgresql.log.level": "LOG", + "postgresql.log.message": "autovacuum launcher started", + "postgresql.log.thread_id": "4978", + "postgresql.log.timestamp": "2017-07-31 13:36:42.615", + "postgresql.log.timezone": "CEST" + }, { - "@timestamp": "2017-07-31T13:36:42.616Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.616 CEST [4973] LOG: database system is ready to accept connections", - "offset": 268, - "postgresql.log.level": "LOG", - "postgresql.log.message": "database system is ready to accept connections", - "postgresql.log.thread_id": "4973", - "postgresql.log.timestamp": "2017-07-31 13:36:42.616", - "postgresql.log.timezone": "CEST", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:36:42.616Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.616 CEST [4973] LOG: database system is ready to accept connections", + "offset": 268, + "postgresql.log.level": "LOG", + "postgresql.log.message": "database system is ready to accept connections", + "postgresql.log.thread_id": "4973", + 
"postgresql.log.timestamp": "2017-07-31 13:36:42.616", + "postgresql.log.timezone": "CEST" + }, { - "@timestamp": "2017-07-31T13:36:42.956Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.956 CEST [4980] [unknown]@[unknown] LOG: incomplete startup packet", - "offset": 357, - "postgresql.log.database": "unknown", - "postgresql.log.level": "LOG", - "postgresql.log.message": "incomplete startup packet", - "postgresql.log.thread_id": "4980", - "postgresql.log.timestamp": "2017-07-31 13:36:42.956", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "unknown", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:36:42.956Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.956 CEST [4980] [unknown]@[unknown] LOG: incomplete startup packet", + "offset": 357, + "postgresql.log.database": "unknown", + "postgresql.log.level": "LOG", + "postgresql.log.message": "incomplete startup packet", + "postgresql.log.thread_id": "4980", + "postgresql.log.timestamp": "2017-07-31 13:36:42.956", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "unknown" + }, { - "@timestamp": "2017-07-31T13:36:43.557Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:36:43.557Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:36:43.557 CEST [4983] postgres@postgres LOG: duration: 37.118 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "offset": 445, - "postgresql.log.database": 
"postgres", - "postgresql.log.duration": "37.118", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.thread_id": "4983", - "postgresql.log.timestamp": "2017-07-31 13:36:43.557", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + ], + "message": "2017-07-31 13:36:43.557 CEST [4983] postgres@postgres LOG: duration: 37.118 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "offset": 445, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "37.118", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.thread_id": "4983", + "postgresql.log.timestamp": "2017-07-31 13:36:43.557", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:36:44.104Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:36:44.104Z", + "fileset.module": "postgresql", + "fileset.name": "log", + 
"input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:36:44.104 CEST [4986] postgres@postgres LOG: duration: 2.895 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "offset": 873, - "postgresql.log.database": "postgres", - "postgresql.log.duration": "2.895", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.thread_id": "4986", - "postgresql.log.timestamp": "2017-07-31 13:36:44.104", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + ], + "message": "2017-07-31 13:36:44.104 CEST [4986] postgres@postgres LOG: duration: 2.895 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "offset": 873, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "2.895", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t 
pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.thread_id": "4986", + "postgresql.log.timestamp": "2017-07-31 13:36:44.104", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:36:44.642Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:36:44.642Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:36:44.642 CEST [4989] postgres@postgres LOG: duration: 2.809 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "offset": 1300, - "postgresql.log.database": "postgres", - "postgresql.log.duration": "2.809", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.thread_id": "4989", - "postgresql.log.timestamp": "2017-07-31 13:36:44.642", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + ], + "message": "2017-07-31 13:36:44.642 CEST [4989] postgres@postgres LOG: duration: 2.809 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as 
\"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "offset": 1300, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "2.809", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.thread_id": "4989", + "postgresql.log.timestamp": "2017-07-31 13:36:44.642", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:39:16.249Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:16.249 CEST [5407] postgres@users FATAL: database \"users\" does not exist", - "offset": 1727, - "postgresql.log.database": "users", - "postgresql.log.level": "FATAL", - "postgresql.log.message": "database \"users\" does not exist", - "postgresql.log.thread_id": "5407", - "postgresql.log.timestamp": "2017-07-31 13:39:16.249", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:39:16.249Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:39:16.249 CEST [5407] postgres@users FATAL: database \"users\" does not exist", + "offset": 1727, + "postgresql.log.database": "users", + "postgresql.log.level": "FATAL", + "postgresql.log.message": "database \"users\" does not exist", + "postgresql.log.thread_id": "5407", + "postgresql.log.timestamp": "2017-07-31 13:39:16.249", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - 
"@timestamp": "2017-07-31T13:39:17.945Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:17.945 CEST [5500] postgres@user FATAL: database \"user\" does not exist", - "offset": 1818, - "postgresql.log.database": "user", - "postgresql.log.level": "FATAL", - "postgresql.log.message": "database \"user\" does not exist", - "postgresql.log.thread_id": "5500", - "postgresql.log.timestamp": "2017-07-31 13:39:17.945", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:39:17.945Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:39:17.945 CEST [5500] postgres@user FATAL: database \"user\" does not exist", + "offset": 1818, + "postgresql.log.database": "user", + "postgresql.log.level": "FATAL", + "postgresql.log.message": "database \"user\" does not exist", + "postgresql.log.thread_id": "5500", + "postgresql.log.timestamp": "2017-07-31 13:39:17.945", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:39:21.025Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:39:21.025Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:39:21.025 CEST [5404] postgres@postgres LOG: duration: 37.598 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND 
n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "offset": 1907, - "postgresql.log.database": "postgres", - "postgresql.log.duration": "37.598", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.thread_id": "5404", - "postgresql.log.timestamp": "2017-07-31 13:39:21.025", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + ], + "message": "2017-07-31 13:39:21.025 CEST [5404] postgres@postgres LOG: duration: 37.598 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + "offset": 1907, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "37.598", + 
"postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + "postgresql.log.thread_id": "5404", + "postgresql.log.timestamp": "2017-07-31 13:39:21.025", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:39:31.619Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:31.619 CEST [5502] postgres@clients LOG: duration: 9.482 ms statement: select * from clients;", - "offset": 2620, - "postgresql.log.database": "clients", - "postgresql.log.duration": "9.482", - "postgresql.log.level": "LOG", - "postgresql.log.query": "select * from clients;", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:39:31.619", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:39:31.619Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:39:31.619 CEST [5502] postgres@clients LOG: duration: 9.482 ms statement: select * from clients;", + "offset": 2620, + "postgresql.log.database": "clients", + "postgresql.log.duration": "9.482", + "postgresql.log.level": "LOG", + "postgresql.log.query": "select * from clients;", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": 
"2017-07-31 13:39:31.619", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:39:40.147Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:40.147 CEST [5502] postgres@clients LOG: duration: 0.765 ms statement: select id from clients;", - "offset": 2733, - "postgresql.log.database": "clients", - "postgresql.log.duration": "0.765", - "postgresql.log.level": "LOG", - "postgresql.log.query": "select id from clients;", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:39:40.147", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:39:40.147Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:39:40.147 CEST [5502] postgres@clients LOG: duration: 0.765 ms statement: select id from clients;", + "offset": 2733, + "postgresql.log.database": "clients", + "postgresql.log.duration": "0.765", + "postgresql.log.level": "LOG", + "postgresql.log.query": "select id from clients;", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:39:40.147", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:40:54.310Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:40:54.310Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:40:54.310 CEST [5502] postgres@clients LOG: duration: 26.082 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' 
END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "offset": 2847, - "postgresql.log.database": "clients", - "postgresql.log.duration": "26.082", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:40:54.310", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + ], + "message": "2017-07-31 13:40:54.310 CEST [5502] postgres@clients LOG: duration: 26.082 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 
'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + "offset": 2847, + "postgresql.log.database": "clients", + "postgresql.log.duration": "26.082", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:40:54.310", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:43:22.645Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:43:22.645 CEST [5502] postgres@clients LOG: duration: 36.162 ms statement: create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", - "offset": 3559, - "postgresql.log.database": "clients", - "postgresql.log.duration": "36.162", - "postgresql.log.level": "LOG", - "postgresql.log.query": "create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:43:22.645", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:43:22.645Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", 
+ "message": "2017-07-31 13:43:22.645 CEST [5502] postgres@clients LOG: duration: 36.162 ms statement: create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", + "offset": 3559, + "postgresql.log.database": "clients", + "postgresql.log.duration": "36.162", + "postgresql.log.level": "LOG", + "postgresql.log.query": "create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:43:22.645", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:46:02.670Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:46:02.670 CEST [5502] postgres@c$lients LOG: duration: 10.540 ms statement: insert into cats(name, toy, born) values('kate', 'ball', now());", - "offset": 3751, - "postgresql.log.database": "c$lients", - "postgresql.log.duration": "10.540", - "postgresql.log.level": "LOG", - "postgresql.log.query": "insert into cats(name, toy, born) values('kate', 'ball', now());", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:46:02.670", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:46:02.670Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:46:02.670 CEST [5502] postgres@c$lients LOG: duration: 10.540 ms statement: insert into cats(name, toy, born) values('kate', 'ball', now());", + "offset": 3751, + "postgresql.log.database": "c$lients", + "postgresql.log.duration": "10.540", + "postgresql.log.level": "LOG", + "postgresql.log.query": "insert into cats(name, toy, born) values('kate', 'ball', now());", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:46:02.670", + 
"postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:46:23.016Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:46:23.016 CEST [5502] postgres@_clients$db LOG: duration: 5.156 ms statement: insert into cats(name, toy, born) values('frida', 'horse', now());", - "offset": 3908, - "postgresql.log.database": "_clients$db", - "postgresql.log.duration": "5.156", - "postgresql.log.level": "LOG", - "postgresql.log.query": "insert into cats(name, toy, born) values('frida', 'horse', now());", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:46:23.016", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" - }, + "@timestamp": "2017-07-31T13:46:23.016Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:46:23.016 CEST [5502] postgres@_clients$db LOG: duration: 5.156 ms statement: insert into cats(name, toy, born) values('frida', 'horse', now());", + "offset": 3908, + "postgresql.log.database": "_clients$db", + "postgresql.log.duration": "5.156", + "postgresql.log.level": "LOG", + "postgresql.log.query": "insert into cats(name, toy, born) values('frida', 'horse', now());", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:46:23.016", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" + }, { - "@timestamp": "2017-07-31T13:46:55.637Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:46:55.637 CEST [5502] postgres@clients_db LOG: duration: 25.871 ms statement: create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", - "offset": 4069, - "postgresql.log.database": "clients_db", - "postgresql.log.duration": "25.871", - "postgresql.log.level": "LOG", - 
"postgresql.log.query": "create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:46:55.637", - "postgresql.log.timezone": "CEST", - "postgresql.log.user": "postgres", - "prospector.type": "log" + "@timestamp": "2017-07-31T13:46:55.637Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:46:55.637 CEST [5502] postgres@clients_db LOG: duration: 25.871 ms statement: create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", + "offset": 4069, + "postgresql.log.database": "clients_db", + "postgresql.log.duration": "25.871", + "postgresql.log.level": "LOG", + "postgresql.log.query": "create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:46:55.637", + "postgresql.log.timezone": "CEST", + "postgresql.log.user": "postgres" } -] \ No newline at end of file +] diff --git a/filebeat/module/redis/log/test/test.log-expected.json b/filebeat/module/redis/log/test/test.log-expected.json index 3fd7f8f34547..bbd47176fdbd 100644 --- a/filebeat/module/redis/log/test/test.log-expected.json +++ b/filebeat/module/redis/log/test/test.log-expected.json 
@@ -1,44 +1,40 @@ [ { - "@timestamp": "2018-05-30T12:23:52.442Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 0, - "prospector.type": "log", - "redis.log.level": "notice", - "redis.log.message": "Saving the final RDB snapshot before exiting.", - "redis.log.pid": "98738", + "@timestamp": "2018-05-30T12:23:52.442Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 0, + "redis.log.level": "notice", + "redis.log.message": "Saving the final RDB snapshot before exiting.", + "redis.log.pid": "98738", "redis.log.role": "master" - }, + }, { - "@timestamp": "2018-05-30T10:05:20.000Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 76, - "prospector.type": "log", - "redis.log.level": "debug", + "@timestamp": "2018-05-30T10:05:20.000Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 76, + "redis.log.level": "debug", "redis.log.message": "0 clients connected (0 slaves), 618932 bytes in use, 0 shared objects." 
- }, + }, { - "@timestamp": "2018-05-31T04:32:08.000Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 165, - "prospector.type": "log", - "redis.log.level": "notice", + "@timestamp": "2018-05-31T04:32:08.000Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 165, + "redis.log.level": "notice", "redis.log.message": "The server is now ready to accept connections on port 6379\"" - }, + }, { - "@timestamp": "2017-05-30T10:57:24.000Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 250, - "prospector.type": "log", - "redis.log.message": "Received SIGINT scheduling shutdown...", + "@timestamp": "2017-05-30T10:57:24.000Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 250, + "redis.log.message": "Received SIGINT scheduling shutdown...", "redis.log.pid": "5092" } -] \ No newline at end of file +] diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json index c99cbeb2fa3d..150fd3cd4fd1 100644 --- a/filebeat/module/system/auth/test/test.log-expected.json +++ b/filebeat/module/system/auth/test/test.log-expected.json 
@@ -1,158 +1,148 @@ [ { - "@timestamp": "2018-02-21T21:54:44.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 0, - "prospector.type": "log", - "system.auth.hostname": "localhost", - "system.auth.pid": "3402", - "system.auth.ssh.event": "Accepted", - "system.auth.ssh.ip": "10.0.2.2", - "system.auth.ssh.method": "publickey", - "system.auth.ssh.port": "63673", - "system.auth.ssh.signature": "RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84", - "system.auth.timestamp": "Feb 21 21:54:44", + "@timestamp": "2018-02-21T21:54:44.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 0, + "system.auth.hostname": "localhost", + "system.auth.pid": "3402", + "system.auth.ssh.event": "Accepted", + "system.auth.ssh.ip": "10.0.2.2", + "system.auth.ssh.method": "publickey", + "system.auth.ssh.port": "63673", + "system.auth.ssh.signature": "RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84", + "system.auth.timestamp": "Feb 21 21:54:44", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": "2018-02-23T00:13:35.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 152, - "prospector.type": "log", - "system.auth.hostname": "localhost", - "system.auth.pid": "7483", - "system.auth.ssh.event": "Accepted", - "system.auth.ssh.ip": "192.168.33.1", - "system.auth.ssh.method": "password", - "system.auth.ssh.port": "58803", - "system.auth.timestamp": "Feb 23 00:13:35", + "@timestamp": "2018-02-23T00:13:35.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 152, + "system.auth.hostname": "localhost", + "system.auth.pid": "7483", + "system.auth.ssh.event": "Accepted", + "system.auth.ssh.ip": "192.168.33.1", + "system.auth.ssh.method": "password", + "system.auth.ssh.port": "58803", + "system.auth.timestamp": "Feb 23 00:13:35", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": 
"2018-02-21T21:56:12.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 254, - "prospector.type": "log", - "system.auth.hostname": "localhost", - "system.auth.pid": "3430", - "system.auth.ssh.event": "Invalid", - "system.auth.ssh.ip": "10.0.2.2", - "system.auth.timestamp": "Feb 21 21:56:12", + "@timestamp": "2018-02-21T21:56:12.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 254, + "system.auth.hostname": "localhost", + "system.auth.pid": "3430", + "system.auth.ssh.event": "Invalid", + "system.auth.ssh.ip": "10.0.2.2", + "system.auth.timestamp": "Feb 21 21:56:12", "system.auth.user": "test" - }, + }, { - "@timestamp": "2018-02-20T08:35:22.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 324, - "prospector.type": "log", - "system.auth.hostname": "slave22", - "system.auth.pid": "5774", - "system.auth.ssh.event": "Failed", - "system.auth.ssh.geoip.continent_name": "Asia", - "system.auth.ssh.geoip.country_iso_code": "CN", - "system.auth.ssh.geoip.location.lat": 23.1167, - "system.auth.ssh.geoip.location.lon": 113.25, - "system.auth.ssh.geoip.region_iso_code": "CN-GD", - "system.auth.ssh.geoip.region_name": "Guangdong", - "system.auth.ssh.ip": "116.31.116.24", - "system.auth.ssh.method": "password", - "system.auth.ssh.port": "29160", - "system.auth.timestamp": "Feb 20 08:35:22", + "@timestamp": "2018-02-20T08:35:22.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 324, + "system.auth.hostname": "slave22", + "system.auth.pid": "5774", + "system.auth.ssh.event": "Failed", + "system.auth.ssh.geoip.continent_name": "Asia", + "system.auth.ssh.geoip.country_iso_code": "CN", + "system.auth.ssh.geoip.location.lat": 23.1167, + "system.auth.ssh.geoip.location.lon": 113.25, + "system.auth.ssh.geoip.region_iso_code": "CN-GD", + "system.auth.ssh.geoip.region_name": "Guangdong", + 
"system.auth.ssh.ip": "116.31.116.24", + "system.auth.ssh.method": "password", + "system.auth.ssh.port": "29160", + "system.auth.timestamp": "Feb 20 08:35:22", "system.auth.user": "root" - }, + }, { - "@timestamp": "2018-02-21T23:35:33.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 420, - "prospector.type": "log", - "system.auth.hostname": "localhost", - "system.auth.sudo.command": "/bin/ls", - "system.auth.sudo.pwd": "/home/vagrant", - "system.auth.sudo.tty": "pts/0", - "system.auth.sudo.user": "root", - "system.auth.timestamp": "Feb 21 23:35:33", + "@timestamp": "2018-02-21T23:35:33.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 420, + "system.auth.hostname": "localhost", + "system.auth.sudo.command": "/bin/ls", + "system.auth.sudo.pwd": "/home/vagrant", + "system.auth.sudo.tty": "pts/0", + "system.auth.sudo.user": "root", + "system.auth.timestamp": "Feb 21 23:35:33", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": "2018-02-19T15:30:04.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 522, - "prospector.type": "log", - "system.auth.hostname": "slave22", - "system.auth.pid": "18406", - "system.auth.ssh.dropped_ip": "123.57.245.163", + "@timestamp": "2018-02-19T15:30:04.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 522, + "system.auth.hostname": "slave22", + "system.auth.pid": "18406", + "system.auth.ssh.dropped_ip": "123.57.245.163", "system.auth.timestamp": "Feb 19 15:30:04" - }, + }, { - "@timestamp": "2018-02-23T00:08:48.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 617, - "prospector.type": "log", - "system.auth.hostname": "localhost", - "system.auth.sudo.command": "/bin/cat /var/log/secure", - "system.auth.sudo.pwd": "/home/vagrant", - "system.auth.sudo.tty": "pts/1", - "system.auth.sudo.user": 
"root", - "system.auth.timestamp": "Feb 23 00:08:48", + "@timestamp": "2018-02-23T00:08:48.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 617, + "system.auth.hostname": "localhost", + "system.auth.sudo.command": "/bin/cat /var/log/secure", + "system.auth.sudo.pwd": "/home/vagrant", + "system.auth.sudo.tty": "pts/1", + "system.auth.sudo.user": "root", + "system.auth.timestamp": "Feb 23 00:08:48", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": "2018-02-24T00:13:02.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 736, - "prospector.type": "log", - "system.auth.hostname": "precise32", - "system.auth.sudo.command": "/bin/ls", - "system.auth.sudo.error": "user NOT in sudoers", - "system.auth.sudo.pwd": "/home/vagrant", - "system.auth.sudo.tty": "pts/1", - "system.auth.sudo.user": "root", - "system.auth.timestamp": "Feb 24 00:13:02", + "@timestamp": "2018-02-24T00:13:02.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 736, + "system.auth.hostname": "precise32", + "system.auth.sudo.command": "/bin/ls", + "system.auth.sudo.error": "user NOT in sudoers", + "system.auth.sudo.pwd": "/home/vagrant", + "system.auth.sudo.tty": "pts/1", + "system.auth.sudo.user": "root", + "system.auth.timestamp": "Feb 24 00:13:02", "system.auth.user": "tsg" - }, + }, { - "@timestamp": "2018-02-22T11:47:05.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 861, - "prospector.type": "log", - "system.auth.groupadd.gid": "48", - "system.auth.groupadd.name": "apache", - "system.auth.hostname": "localhost", - "system.auth.pid": "6991", + "@timestamp": "2018-02-22T11:47:05.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 861, + "system.auth.groupadd.gid": "48", + "system.auth.groupadd.name": "apache", + "system.auth.hostname": "localhost", + 
"system.auth.pid": "6991", "system.auth.timestamp": "Feb 22 11:47:05" - }, + }, { - "@timestamp": "2018-02-22T11:47:05.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 934, - "prospector.type": "log", - "system.auth.hostname": "localhost", - "system.auth.pid": "6995", - "system.auth.timestamp": "Feb 22 11:47:05", - "system.auth.useradd.gid": "48", - "system.auth.useradd.home": "/usr/share/httpd", - "system.auth.useradd.name": "apache", - "system.auth.useradd.shell": "/sbin/nologin", + "@timestamp": "2018-02-22T11:47:05.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 934, + "system.auth.hostname": "localhost", + "system.auth.pid": "6995", + "system.auth.timestamp": "Feb 22 11:47:05", + "system.auth.useradd.gid": "48", + "system.auth.useradd.home": "/usr/share/httpd", + "system.auth.useradd.name": "apache", + "system.auth.useradd.shell": "/sbin/nologin", "system.auth.useradd.uid": "48" } -] \ No newline at end of file +] diff --git a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json index 4d667d28a17d..66d012679aa0 100644 --- a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json +++ b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json 
@@ -1,41 +1,38 @@ [ { - "@timestamp": "2018-12-13T11:35:28.000Z", - "fileset.module": "system", - "fileset.name": "syslog", - "input.type": "log", + "@timestamp": "2018-12-13T11:35:28.000Z", + "fileset.module": "system", + "fileset.name": "syslog", + "input.type": "log", "log.flags": [ "multiline" - ], - "offset": 0, - "prospector.type": "log", - "system.syslog.hostname": "a-mac-with-esc-key", - "system.syslog.message": "2016-12-13 11:35:28.420 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentApp updateProductWithProductID:usingEngine:] Checking for updates for \"All Products\" using engine \n\t\t>>\n\t\tprocessor=\n\t\t\tisProcessing=NO actionsCompleted=0 progress=0.00\n\t\t\terrors=0 currentActionErrors=0\n\t\t\tevents=0 currentActionEvents=0\n\t\t\tactionQueue=( )\n\t\t>\n\t\tdelegate=(null)\n\t\tserverInfoStore=(null)\n\t\terrors=0\n\t>", - "system.syslog.pid": "21412", - "system.syslog.program": "GoogleSoftwareUpdateAgent", + ], + "offset": 0, + "system.syslog.hostname": "a-mac-with-esc-key", + "system.syslog.message": "2016-12-13 11:35:28.420 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentApp updateProductWithProductID:usingEngine:] Checking for updates for \"All Products\" using engine \n\t\t>>\n\t\tprocessor=\n\t\t\tisProcessing=NO actionsCompleted=0 progress=0.00\n\t\t\terrors=0 currentActionErrors=0\n\t\t\tevents=0 currentActionEvents=0\n\t\t\tactionQueue=( )\n\t\t>\n\t\tdelegate=(null)\n\t\tserverInfoStore=(null)\n\t\terrors=0\n\t>", + "system.syslog.pid": "21412", + "system.syslog.program": "GoogleSoftwareUpdateAgent", "system.syslog.timestamp": "Dec 13 11:35:28" - }, + }, { - "@timestamp": "2018-12-13T11:35:28.000Z", - "fileset.module": "system", - "fileset.name": "syslog", - "input.type": "log", - "offset": 907, - "prospector.type": "log", - "system.syslog.hostname": "a-mac-with-esc-key", - "system.syslog.message": "2016-12-13 11:35:28.421 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine 
updateAllExceptProduct:] KSUpdateEngine updating all installed products, except:'com.google.Keystone'.", - "system.syslog.pid": "21412", - "system.syslog.program": "GoogleSoftwareUpdateAgent", + "@timestamp": "2018-12-13T11:35:28.000Z", + "fileset.module": "system", + "fileset.name": "syslog", + "input.type": "log", + "offset": 907, + "system.syslog.hostname": "a-mac-with-esc-key", + "system.syslog.message": "2016-12-13 11:35:28.421 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine updateAllExceptProduct:] KSUpdateEngine updating all installed products, except:'com.google.Keystone'.", + "system.syslog.pid": "21412", + "system.syslog.program": "GoogleSoftwareUpdateAgent", "system.syslog.timestamp": "Dec 13 11:35:28" - }, + }, { - "@timestamp": "2018-04-04T03:39:57.000Z", - "fileset.module": "system", - "fileset.name": "syslog", - "input.type": "log", - "offset": 1176, - "prospector.type": "log", - "system.syslog.message": "--- last message repeated 1 time ---", + "@timestamp": "2018-04-04T03:39:57.000Z", + "fileset.module": "system", + "fileset.name": "syslog", + "input.type": "log", + "offset": 1176, + "system.syslog.message": "--- last message repeated 1 time ---", "system.syslog.timestamp": "Apr 4 03:39:57" } -] \ No newline at end of file +] diff --git a/filebeat/module/traefik/access/test/test.log-expected.json b/filebeat/module/traefik/access/test/test.log-expected.json index 27d3066994df..682f8ff02802 100644 --- a/filebeat/module/traefik/access/test/test.log-expected.json +++ b/filebeat/module/traefik/access/test/test.log-expected.json 
@@ -1,57 +1,55 @@ [ { - "@timestamp": "2017-10-02T20:22:07.000Z", - "fileset.module": "traefik", - "fileset.name": "access", - "input.type": "log", - "offset": 0, - "prospector.type": "log", - "traefik.access.body_sent.bytes": "0", - "traefik.access.http_version": "1.1", - "traefik.access.method": "GET", - "traefik.access.referrer": "http://example.com/login", - "traefik.access.remote_ip": "192.168.33.1", - "traefik.access.response_code": "304", - "traefik.access.url": "/ui/favicons/favicon-16x16.png", - "traefik.access.user_agent.device": "Other", - "traefik.access.user_agent.major": "61", - "traefik.access.user_agent.minor": "0", - "traefik.access.user_agent.name": "Chrome", - "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", - "traefik.access.user_agent.os": "Linux", - "traefik.access.user_agent.os_name": "Linux", - "traefik.access.user_agent.patch": "3163", + "@timestamp": "2017-10-02T20:22:07.000Z", + "fileset.module": "traefik", + "fileset.name": "access", + "input.type": "log", + "offset": 0, + "traefik.access.body_sent.bytes": "0", + "traefik.access.http_version": "1.1", + "traefik.access.method": "GET", + "traefik.access.referrer": "http://example.com/login", + "traefik.access.remote_ip": "192.168.33.1", + "traefik.access.response_code": "304", + "traefik.access.url": "/ui/favicons/favicon-16x16.png", + "traefik.access.user_agent.device": "Other", + "traefik.access.user_agent.major": "61", + "traefik.access.user_agent.minor": "0", + "traefik.access.user_agent.name": "Chrome", + "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", + "traefik.access.user_agent.os": "Linux", + "traefik.access.user_agent.os_name": "Linux", + "traefik.access.user_agent.patch": "3163", "traefik.access.user_name": "-" - }, + }, { - "@timestamp": "2017-10-02T20:22:08.000Z", - "fileset.module": 
"traefik", - "fileset.name": "access", - "input.type": "log", - "offset": 280, - "prospector.type": "log", - "traefik.access.body_sent.bytes": "0", - "traefik.access.geoip.city_name": "Berlin", - "traefik.access.geoip.continent_name": "Europe", - "traefik.access.geoip.country_iso_code": "DE", - "traefik.access.geoip.location.lat": 52.4908, - "traefik.access.geoip.location.lon": 13.3275, - "traefik.access.geoip.region_iso_code": "DE-BE", - "traefik.access.geoip.region_name": "Land Berlin", - "traefik.access.http_version": "1.1", - "traefik.access.method": "GET", - "traefik.access.referrer": "http://example.com/login", - "traefik.access.remote_ip": "85.181.35.98", - "traefik.access.response_code": "304", - "traefik.access.url": "/ui/favicons/favicon.ico", - "traefik.access.user_agent.device": "Other", - "traefik.access.user_agent.major": "61", - "traefik.access.user_agent.minor": "0", - "traefik.access.user_agent.name": "Chrome", - "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", - "traefik.access.user_agent.os": "Linux", - "traefik.access.user_agent.os_name": "Linux", - "traefik.access.user_agent.patch": "3163", + "@timestamp": "2017-10-02T20:22:08.000Z", + "fileset.module": "traefik", + "fileset.name": "access", + "input.type": "log", + "offset": 280, + "traefik.access.body_sent.bytes": "0", + "traefik.access.geoip.city_name": "Berlin", + "traefik.access.geoip.continent_name": "Europe", + "traefik.access.geoip.country_iso_code": "DE", + "traefik.access.geoip.location.lat": 52.4908, + "traefik.access.geoip.location.lon": 13.3275, + "traefik.access.geoip.region_iso_code": "DE-BE", + "traefik.access.geoip.region_name": "Land Berlin", + "traefik.access.http_version": "1.1", + "traefik.access.method": "GET", + "traefik.access.referrer": "http://example.com/login", + "traefik.access.remote_ip": "85.181.35.98", + "traefik.access.response_code": "304", + "traefik.access.url": 
"/ui/favicons/favicon.ico", + "traefik.access.user_agent.device": "Other", + "traefik.access.user_agent.major": "61", + "traefik.access.user_agent.minor": "0", + "traefik.access.user_agent.name": "Chrome", + "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", + "traefik.access.user_agent.os": "Linux", + "traefik.access.user_agent.os_name": "Linux", + "traefik.access.user_agent.patch": "3163", "traefik.access.user_name": "-" } -] \ No newline at end of file +] diff --git a/filebeat/prospector/prospector.go b/filebeat/prospector/prospector.go deleted file mode 100644 index a997e0ccf82f..000000000000 --- a/filebeat/prospector/prospector.go +++ /dev/null 
@@ -1,54 +0,0 @@
-// Licensed to Elasticsearch B.V. under one or more contributor
-// license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright
-// ownership. Elasticsearch B.V. licenses this file to you under
-// the Apache License, Version 2.0 (the "License"); you may
-// not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-
-// Package prospector allows to define new way of reading data in Filebeat
-// Deprecated: See the input package
-package prospector
-
-import "github.com/elastic/beats/filebeat/input"
-
-// Prospectorer defines how to read new data
-// Deprecated: See input.input
-type Prospectorer = input.Input
-
-// Runner encapsulate the lifecycle of a prospectorer
-// Deprecated: See input.Runner
-type Runner = input.Runner
-
-// Context wrapper for backward compatibility
-// Deprecated: See input.Context
-type Context = input.Context
-
-// Factory wrapper for backward compatibility
-// Deprecated: See input.Factory
-type Factory = input.Factory
-
-// Register wrapper for backward compatibility
-// Deprecated: See input.Register
-var Register = input.Register
-
-// GetFactory wrapper for backward compatibility
-// Deprecated: See input.GetFactory
-var GetFactory = input.GetFactory
-
-// New wrapper for backward compatibility
-// Deprecated: see input.New
-var New = input.New
-
-// NewRunnerFactory wrapper for backward compatibility
-// Deprecated: see input.NewRunnerFactory
-var NewRunnerFactory = input.NewRunnerFactory
diff --git a/filebeat/registrar/registrar.go b/filebeat/registrar/registrar.go index 54b06a7cf1bc..c5d78b49079c 100644 --- a/filebeat/registrar/registrar.go +++ b/filebeat/registrar/registrar.go @@ -207,7 +207,7 @@ func mergeStates(st, other *file.State) { } // update file meta-data. As these are updated concurrently by the - // prospectors, select the newer state based on the update timestamp. + // inputs, select the newer state based on the update timestamp. var meta, metaOld, metaNew map[string]string if st.Timestamp.Before(other.Timestamp) { st.Source = other.Source diff --git a/filebeat/scripts/generate_imports_helper.py b/filebeat/scripts/generate_imports_helper.py index 5e8fcc0df9f6..915eb1c20162 100644 --- a/filebeat/scripts/generate_imports_helper.py +++ b/filebeat/scripts/generate_imports_helper.py @@ -11,12 +11,12 @@ def get_importable_lines(go_beat_path, import_line): path = abspath("input") - imported_prospector_lines = [] + imported_input_lines = [] # Skip the file folder, its not an input but I will do the move with another PR - prospectors = [p for p in listdir(path) if isdir(join(path, p)) and p.find("file") is -1] - for prospector in sorted(prospectors): - prospector_import = import_line.format(beat_path=go_beat_path, module="input", name=prospector) - imported_prospector_lines.append(prospector_import) + inputs = [p for p in listdir(path) if isdir(join(path, p)) and p.find("file") is -1] + for input in sorted(inputs): + input_import = import_line.format(beat_path=go_beat_path, module="input", name=input) + imported_input_lines.append(input_import) - return imported_prospector_lines + return imported_input_lines diff --git a/filebeat/tests/files/config.yml b/filebeat/tests/files/config.yml index 3f2a605cf0dd..e7342e307bc4 100644 --- a/filebeat/tests/files/config.yml +++ b/filebeat/tests/files/config.yml @@ -1,5 +1,5 @@ filebeat: - prospectors: + inputs: - # Paths that should be crawled and fetched paths: 
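Review bot: In the `generate_imports_helper.py` hunk, the renamed comprehension still filters with `p.find("file") is -1`, an identity comparison against an int literal that only holds through CPython's small-integer caching and emits a SyntaxWarning on Python 3.8 and later. Writing it as `inputs = [p for p in listdir(path) if isdir(join(path, p)) and "file" not in p]` expresses the same filter by value. The new loop variable `input` also shadows the builtin of that name; `for name in sorted(inputs):` with `name=name` in the `format` call avoids that. `get_importable_lines` starts above the hunk, so only its body is visible here.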
diff --git a/filebeat/tests/files/config2.yml b/filebeat/tests/files/config2.yml index 38d7c3de78c6..8f74c0b7d906 100644 --- a/filebeat/tests/files/config2.yml +++ b/filebeat/tests/files/config2.yml @@ -1,5 +1,5 @@ filebeat: - prospectors: + inputs: - paths: - /var/log/*.log diff --git a/filebeat/tests/load/filebeat.yml b/filebeat/tests/load/filebeat.yml index 93217983de38..19eb94fae744 100644 --- a/filebeat/tests/load/filebeat.yml +++ b/filebeat/tests/load/filebeat.yml @@ -1,5 +1,5 @@ filebeat: - prospectors: + inputs: - type: log paths: - /Users/ruflin/Dev/gopath/src/github.com/elastic/filebeat/tests/load/logs/* diff --git a/filebeat/tests/open-file-handlers/filebeat.yml b/filebeat/tests/open-file-handlers/filebeat.yml index 996f9d6a55b2..7c5e5fa6207c 100644 --- a/filebeat/tests/open-file-handlers/filebeat.yml +++ b/filebeat/tests/open-file-handlers/filebeat.yml @@ -1,4 +1,4 @@ -filebeat.prospectors: +filebeat.inputs: # Reads logs generated by the generator containers - type: log diff --git a/filebeat/tests/system/test_base.py b/filebeat/tests/system/test_base.py index 105be678390d..7faf8a3b9059 100644 --- a/filebeat/tests/system/test_base.py +++ b/filebeat/tests/system/test_base.py @@ -24,7 +24,6 @@ def test_base(self): output = self.read_output()[0] assert "@timestamp" in output - assert "prospector.type" in output assert "input.type" in output def test_invalid_config_with_removed_settings(self): diff --git a/filebeat/tests/system/test_deprecated.py b/filebeat/tests/system/test_deprecated.py index 16e75d736e70..f512cbfc5f1e 100644 --- a/filebeat/tests/system/test_deprecated.py +++ b/filebeat/tests/system/test_deprecated.py 
@@ -36,83 +36,3 @@ def test_input_type_deprecated(self): filebeat.check_kill_and_wait() assert self.log_contains("DEPRECATED: input_type input config is deprecated") - - def test_prospectors_deprecated(self): - """ - Checks that harvesting works with deprecated prospectors but a deprecation warning is printed. - """ - - self.render_config_template( - input_config="prospectors", - path=os.path.abspath(self.working_dir) + "/log/test.log", - scan_frequency="0.1s" - ) - os.mkdir(self.working_dir + "/log/") - - logfile = self.working_dir + "/log/test.log" - - with open(logfile, 'w') as f: - f.write("Hello world\n") - - filebeat = self.start_beat() - - # Let it read the file - self.wait_until( - lambda: self.output_has(lines=1), max_timeout=10) - - filebeat.check_kill_and_wait() - - assert self.log_contains("DEPRECATED: prospectors are deprecated, Use `inputs` instead.") - - def test_reload_config_prospector_deprecated(self): - """ - Checks that harvesting works with `config.prospectors` - """ - - inputConfigTemplate = """ - - type: log - paths: - - {} - scan_frequency: 1s - """ - - self.render_config_template( - reload_type="prospectors", - reload=True, - reload_path=self.working_dir + "/configs/*.yml", - inputs=False, - ) - - os.mkdir(self.working_dir + "/logs/") - logfile1 = self.working_dir + "/logs/test1.log" - logfile2 = self.working_dir + "/logs/test2.log" - os.mkdir(self.working_dir + "/configs/") - - with open(self.working_dir + "/configs/input.yml", 'w') as f: - f.write(inputConfigTemplate.format(self.working_dir + "/logs/test1.log")) - - proc = self.start_beat() - - with open(logfile1, 'w') as f: - f.write("Hello world1\n") - - self.wait_until(lambda: self.output_lines() > 0) - - with open(self.working_dir + "/configs/input2.yml", 'w') as f: - f.write(inputConfigTemplate.format(self.working_dir + "/logs/test2.log")) - - self.wait_until( - lambda: self.log_contains_count("Starting runner") == 2, - max_timeout=15) - - # Add new log line and see if it is picked 
up = new input is running - with open(logfile1, 'a') as f: - f.write("Hello world2\n") - - # Add new log line and see if it is picked up = new input is running - with open(logfile2, 'a') as f: - f.write("Hello world3\n") - - self.wait_until(lambda: self.output_lines() == 3) - - assert self.log_contains("DEPRECATED: config.prospectors are deprecated, Use `config.inputs` instead.") diff --git a/filebeat/tests/system/test_redis.py b/filebeat/tests/system/test_redis.py index f51e734e6edf..5609af5f38c4 100644 --- a/filebeat/tests/system/test_redis.py +++ b/filebeat/tests/system/test_redis.py @@ -45,7 +45,6 @@ def test_input(self): output = self.read_output()[0] - assert output["prospector.type"] == "redis" assert output["input.type"] == "redis" assert "redis.slowlog.cmd" in output diff --git a/filebeat/tests/system/test_syslog.py b/filebeat/tests/system/test_syslog.py index d1a3b371ec71..56f84652554e 100644 --- a/filebeat/tests/system/test_syslog.py +++ b/filebeat/tests/system/test_syslog.py @@ -90,7 +90,6 @@ def test_syslog_with_udp(self): self.assert_syslog(output[0]) def assert_syslog(self, syslog): - assert syslog["prospector.type"] == "syslog" assert syslog["event.severity"] == 5 assert syslog["hostname"] == "wopr.mymachine.co" assert syslog["input.type"] == "syslog" diff --git a/filebeat/tests/system/test_tcp.py b/filebeat/tests/system/test_tcp.py index d6788d164eac..2e1d2030b424 100644 --- a/filebeat/tests/system/test_tcp.py +++ b/filebeat/tests/system/test_tcp.py @@ -62,7 +62,6 @@ def send_events_with_delimiter(self, delimiter): output = self.read_output() assert len(output) == 2 - assert output[0]["prospector.type"] == "tcp" assert output[0]["input.type"] == "tcp" sock.close() diff --git a/filebeat/tests/system/test_tcp_tls.py b/filebeat/tests/system/test_tcp_tls.py index 2250defbb061..7f0f10333e89 100644 --- a/filebeat/tests/system/test_tcp_tls.py +++ b/filebeat/tests/system/test_tcp_tls.py 
@@ -269,5 +269,4 @@ def test_tcp_tls_with_a_plain_text_socket(self): def assert_output(self, output): assert len(output) == 2 - assert output[0]["prospector.type"] == "tcp" assert output[0]["input.type"] == "tcp" diff --git a/filebeat/tests/system/test_udp.py b/filebeat/tests/system/test_udp.py index de6c92e3ad1e..db9366a7aaf3 100644 --- a/filebeat/tests/system/test_udp.py +++ b/filebeat/tests/system/test_udp.py @@ -37,5 +37,4 @@ def test_udp(self): output = self.read_output() assert len(output) == 2 - assert output[0]["prospector.type"] == "udp" assert output[0]["input.type"] == "udp" From 1cd0a40474919cf19ebe9aa4ca584776cd4427fc Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Fri, 2 Nov 2018 14:25:02 -0400 Subject: [PATCH 03/11] Changelog --- CHANGELOG-developer.asciidoc | 1 + CHANGELOG.asciidoc | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CHANGELOG-developer.asciidoc b/CHANGELOG-developer.asciidoc index ba7602a75f17..58dbe9906da6 100644 --- a/CHANGELOG-developer.asciidoc +++ b/CHANGELOG-developer.asciidoc @@ -63,3 +63,4 @@ The list below covers the major changes between 6.3.0 and master only. - Add `mage.KibanaDashboards` for collecting Kibana dashboards and generating index patterns. {pull}8615[8615] - Allow to disable config resolver using the `Settings.DisableConfigResolver` field when initializing libbeat. {pull}8769[8769] - Add `mage.AddPlatforms` to allow to specify dependent platforms when building a beat. {pull}8889[8889] +- Add `cfgwarn.CheckRemoved6xSetting(s)` to display a warning for options removed in 7.0. {pull}xxx[xxx] diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 63f5a22b4542..bb8e2ec0bbdf 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -21,6 +21,8 @@ https://github.com/elastic/beats/compare/v6.4.0...master[Check the HEAD diff] *Filebeat* +- Remove the deprecated `prospector(s)` option in the configuration use `input(s)` instead. {pull}xxx[xxx] + *Heartbeat* *Journalbeat* 
From 087d4e4c5b0b45516c7af79f9fc3d261aca40eff Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Fri, 2 Nov 2018 14:28:47 -0400 Subject: [PATCH 04/11] update with pr number --- CHANGELOG-developer.asciidoc | 2 +- CHANGELOG.asciidoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG-developer.asciidoc b/CHANGELOG-developer.asciidoc index 58dbe9906da6..d90904eaac1c 100644 --- a/CHANGELOG-developer.asciidoc +++ b/CHANGELOG-developer.asciidoc @@ -63,4 +63,4 @@ The list below covers the major changes between 6.3.0 and master only. - Add `mage.KibanaDashboards` for collecting Kibana dashboards and generating index patterns. {pull}8615[8615] - Allow to disable config resolver using the `Settings.DisableConfigResolver` field when initializing libbeat. {pull}8769[8769] - Add `mage.AddPlatforms` to allow to specify dependent platforms when building a beat. {pull}8889[8889] -- Add `cfgwarn.CheckRemoved6xSetting(s)` to display a warning for options removed in 7.0. {pull}xxx[xxx] +- Add `cfgwarn.CheckRemoved6xSetting(s)` to display a warning for options removed in 7.0. {pull}8909[8909] diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index bb8e2ec0bbdf..dc1b9a070e59 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -21,7 +21,7 @@ https://github.com/elastic/beats/compare/v6.4.0...master[Check the HEAD diff] *Filebeat* -- Remove the deprecated `prospector(s)` option in the configuration use `input(s)` instead. {pull}xxx[xxx] +- Remove the deprecated `prospector(s)` option in the configuration use `input(s)` instead. {pull}8909[8909] *Heartbeat* From faa35374133ac1e84c22e4b5a8919c1e828c2522 Mon Sep 17 00:00:00 2001 
From: Pier-Hugues Pellerin Date: Mon, 5 Nov 2018 09:19:00 -0500 Subject: [PATCH 05/11] corrrectly update modules files --- .../access/test/test.log-expected.json | 126 ++-- .../apache2/error/test/test.log-expected.json | 56 +- .../auditd/log/test/test.log-expected.json | 92 +-- .../audit/test/test.log-expected.json | 182 ++--- .../gc/test/test.log-expected.json | 102 +-- .../server/test/test.log-expected.json | 474 ++++++------ .../slowlog/test/test.log-expected.json | 234 +++--- .../log/test/default.log-expected.json | 38 +- .../log/test/haproxy.log-expected.json | 74 +- .../haproxy/log/test/tcplog.log-expected.json | 50 +- .../icinga/debug/test/test.log-expected.json | 48 +- .../icinga/main/test/test.log-expected.json | 50 +- .../startup/test/test.log-expected.json | 32 +- .../iis/access/test/test.log-expected.json | 192 +++-- .../iis/error/test/test.log-expected.json | 151 ++-- .../log/test/controller.log-expected.json | 438 +++++------ .../kafka/log/test/server.log-expected.json | 438 +++++------ .../test/state-change-1.1.0.log-expected.json | 20 +- .../test/state-change-2.0.0.log-expected.json | 22 +- .../log/test/state-change.log-expected.json | 20 +- .../kibana/log/test/test.log-expected.json | 108 +-- .../log/test/logstash-plain.log-expected.json | 34 +- .../test/slowlog-plain.log-expected.json | 28 +- .../mongodb-debian-3.2.11.log-expected.json | 678 +++++++++--------- .../nginx/access/test/test.log-expected.json | 359 +++++----- .../nginx/error/test/error.log-expected.json | 40 +- .../result/test/test.log-expected.json | 50 +- ...-9.6-debian-with-slowlog.log-expected.json | 484 ++++++------- .../redis/log/test/test.log-expected.json | 60 +- .../system/auth/test/test.log-expected.json | 252 +++---- .../darwin-syslog-sample.log-expected.json | 56 +- .../access/test/test.log-expected.json | 97 ++- .../eve/test/eve-alerts.log-expected.json | 22 +- .../eve/test/eve-small.log-expected.json | 10 +- 34 files changed, 2542 insertions(+), 2575 deletions(-) 
diff --git a/filebeat/module/apache2/access/test/test.log-expected.json b/filebeat/module/apache2/access/test/test.log-expected.json index 72adc8faf1ca..7ff9c3448810 100644 --- a/filebeat/module/apache2/access/test/test.log-expected.json +++ b/filebeat/module/apache2/access/test/test.log-expected.json 
@@ -1,73 +1,73 @@ [ { - "@timestamp": "2016-12-26T14:16:29.000Z", - "apache2.access.body_sent.bytes": "209", - "apache2.access.http_version": "1.1", - "apache2.access.method": "GET", - "apache2.access.remote_ip": "::1", - "apache2.access.response_code": "404", - "apache2.access.url": "/favicon.ico", - "apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", + "@timestamp": "2016-12-26T14:16:29.000Z", + "apache2.access.body_sent.bytes": "209", + "apache2.access.http_version": "1.1", + "apache2.access.method": "GET", + "apache2.access.remote_ip": "::1", + "apache2.access.response_code": "404", + "apache2.access.url": "/favicon.ico", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", "offset": 0 - }, + }, { - "@timestamp": "2016-12-26T16:22:13.000Z", - "apache2.access.body_sent.bytes": "499", - "apache2.access.http_version": "1.1", - "apache2.access.method": "GET", - "apache2.access.referrer": "-", - "apache2.access.remote_ip": "192.168.33.1", - "apache2.access.response_code": "404", - "apache2.access.url": "/hello", - "apache2.access.user_agent.device": "Other", - "apache2.access.user_agent.major": "50", - "apache2.access.user_agent.minor": "0", - "apache2.access.user_agent.name": "Firefox", - "apache2.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", - "apache2.access.user_agent.os": "Mac OS X 10.12", - "apache2.access.user_agent.os_major": "10", - "apache2.access.user_agent.os_minor": "12", - "apache2.access.user_agent.os_name": "Mac OS X", - "apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", + "@timestamp": "2016-12-26T16:22:13.000Z", + "apache2.access.body_sent.bytes": "499", + "apache2.access.http_version": "1.1", + "apache2.access.method": "GET", + "apache2.access.referrer": "-", + "apache2.access.remote_ip": 
"192.168.33.1", + "apache2.access.response_code": "404", + "apache2.access.url": "/hello", + "apache2.access.user_agent.device": "Other", + "apache2.access.user_agent.major": "50", + "apache2.access.user_agent.minor": "0", + "apache2.access.user_agent.name": "Firefox", + "apache2.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", + "apache2.access.user_agent.os": "Mac OS X 10.12", + "apache2.access.user_agent.os_major": "10", + "apache2.access.user_agent.os_minor": "12", + "apache2.access.user_agent.os_name": "Mac OS X", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", "offset": 73 - }, + }, { - "@timestamp": "2016-12-26T14:16:48.000Z", - "apache2.access.remote_ip": "::1", - "apache2.access.response_code": "408", - "apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", + "@timestamp": "2016-12-26T14:16:48.000Z", + "apache2.access.remote_ip": "::1", + "apache2.access.response_code": "408", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", "offset": 238 - }, + }, { - "@timestamp": "2017-05-29T19:02:48.000Z", - "apache2.access.body_sent.bytes": "612", - "apache2.access.http_version": "1.1", - "apache2.access.method": "GET", - "apache2.access.referrer": "-", - "apache2.access.remote_ip": "172.17.0.1", - "apache2.access.response_code": "404", - "apache2.access.url": "/stringpatch", - "apache2.access.user_agent.device": "Other", - "apache2.access.user_agent.major": "15", - "apache2.access.user_agent.minor": "0", - "apache2.access.user_agent.name": "Firefox Alpha", - "apache2.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", - "apache2.access.user_agent.os": "Windows 7", - "apache2.access.user_agent.os_name": "Windows 7", - "apache2.access.user_agent.patch": "a2", - 
"apache2.access.user_name": "-", - "fileset.module": "apache2", - "fileset.name": "access", - "input.type": "log", + "@timestamp": "2017-05-29T19:02:48.000Z", + "apache2.access.body_sent.bytes": "612", + "apache2.access.http_version": "1.1", + "apache2.access.method": "GET", + "apache2.access.referrer": "-", + "apache2.access.remote_ip": "172.17.0.1", + "apache2.access.response_code": "404", + "apache2.access.url": "/stringpatch", + "apache2.access.user_agent.device": "Other", + "apache2.access.user_agent.major": "15", + "apache2.access.user_agent.minor": "0", + "apache2.access.user_agent.name": "Firefox Alpha", + "apache2.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", + "apache2.access.user_agent.os": "Windows 7", + "apache2.access.user_agent.os_name": "Windows 7", + "apache2.access.user_agent.patch": "a2", + "apache2.access.user_name": "-", + "fileset.module": "apache2", + "fileset.name": "access", + "input.type": "log", "offset": 285 } -] +] \ No newline at end of file diff --git a/filebeat/module/apache2/error/test/test.log-expected.json b/filebeat/module/apache2/error/test/test.log-expected.json index 160c53716813..105683faf7b3 100644 --- a/filebeat/module/apache2/error/test/test.log-expected.json +++ b/filebeat/module/apache2/error/test/test.log-expected.json 
@@ -1,36 +1,36 @@ [ { - "@timestamp": "2016-12-26T16:22:08.000Z", - "apache2.error.client": "192.168.33.1", - "apache2.error.level": "error", - "apache2.error.message": "File does not exist: /var/www/favicon.ico", - "fileset.module": "apache2", - "fileset.name": "error", - "input.type": "log", + "@timestamp": "2016-12-26T16:22:08.000Z", + "apache2.error.client": "192.168.33.1", + "apache2.error.level": "error", + "apache2.error.message": "File does not exist: /var/www/favicon.ico", + "fileset.module": "apache2", + "fileset.name": "error", + "input.type": "log", "offset": 0 - }, + }, { - "@timestamp": "2016-12-26T16:15:55.103Z", - "apache2.error.level": "notice", - "apache2.error.message": "AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", - "apache2.error.module": "core", - "apache2.error.pid": "11379", - "fileset.module": "apache2", - "fileset.name": "error", - "input.type": "log", + "@timestamp": "2016-12-26T16:15:55.103Z", + "apache2.error.level": "notice", + "apache2.error.message": "AH00094: Command line: '/usr/local/Cellar/httpd24/2.4.23_2/bin/httpd'", + "apache2.error.module": "core", + "apache2.error.pid": "11379", + "fileset.module": "apache2", + "fileset.name": "error", + "input.type": "log", "offset": 99 - }, + }, { - "@timestamp": "2011-09-09T10:42:29.902Z", - "apache2.error.client": "72.15.99.187", - "apache2.error.level": "error", - "apache2.error.message": "File does not exist: /usr/local/apache2/htdocs/favicon.ico", - "apache2.error.module": "core", - "apache2.error.pid": "35708", - "apache2.error.tid": "4328636416", - "fileset.module": "apache2", - "fileset.name": "error", - "input.type": "log", + "@timestamp": "2011-09-09T10:42:29.902Z", + "apache2.error.client": "72.15.99.187", + "apache2.error.level": "error", + "apache2.error.message": "File does not exist: /usr/local/apache2/htdocs/favicon.ico", + "apache2.error.module": "core", + "apache2.error.pid": "35708", + "apache2.error.tid": "4328636416", + "fileset.module": 
"apache2", + "fileset.name": "error", + "input.type": "log", "offset": 229 } -] +] \ No newline at end of file diff --git a/filebeat/module/auditd/log/test/test.log-expected.json b/filebeat/module/auditd/log/test/test.log-expected.json index d51ebce1676d..b9035e3c8904 100644 --- a/filebeat/module/auditd/log/test/test.log-expected.json +++ b/filebeat/module/auditd/log/test/test.log-expected.json 
@@ -1,52 +1,52 @@ [ { - "@timestamp": "2017-01-31T20:17:14.891Z", - "auditd.log.auid": "4294967295", - "auditd.log.dst": "192.168.0.0", - "auditd.log.dst_prefixlen": "16", - "auditd.log.op": "SPD-delete", - "auditd.log.record_type": "MAC_IPSEC_EVENT", - "auditd.log.res": "1", - "auditd.log.sequence": 18877201, - "auditd.log.ses": "4294967295", - "auditd.log.src": "192.168.2.0", - "auditd.log.src_prefixlen": "24", - "fileset.module": "auditd", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-01-31T20:17:14.891Z", + "auditd.log.auid": "4294967295", + "auditd.log.dst": "192.168.0.0", + "auditd.log.dst_prefixlen": "16", + "auditd.log.op": "SPD-delete", + "auditd.log.record_type": "MAC_IPSEC_EVENT", + "auditd.log.res": "1", + "auditd.log.sequence": 18877201, + "auditd.log.ses": "4294967295", + "auditd.log.src": "192.168.2.0", + "auditd.log.src_prefixlen": "24", + "fileset.module": "auditd", + "fileset.name": "log", + "input.type": "log", "offset": 0 - }, + }, { - "@timestamp": "2017-01-31T20:17:14.891Z", - "auditd.log.a0": "9", - "auditd.log.a1": "7f564b2672a0", - "auditd.log.a2": "b8", - "auditd.log.a3": "0", - "auditd.log.arch": "x86_64", - "auditd.log.auid": "4294967295", - "auditd.log.comm": "charon", - "auditd.log.egid": "0", - "auditd.log.euid": "0", - "auditd.log.exe": "/usr/libexec/strongswan/charon (deleted)", - "auditd.log.exit": "184", - "auditd.log.fsgid": "0", - "auditd.log.fsuid": "0", - "auditd.log.gid": "0", - "auditd.log.items": "0", - "auditd.log.pid": "1281", - "auditd.log.ppid": "1240", - "auditd.log.record_type": "SYSCALL", - "auditd.log.sequence": 18877199, - "auditd.log.ses": "4294967295", - "auditd.log.sgid": "0", - "auditd.log.success": "yes", - "auditd.log.suid": "0", - "auditd.log.syscall": "44", - "auditd.log.tty": "(none)", - "auditd.log.uid": "0", - "fileset.module": "auditd", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-01-31T20:17:14.891Z", + "auditd.log.a0": "9", + "auditd.log.a1": 
"7f564b2672a0", + "auditd.log.a2": "b8", + "auditd.log.a3": "0", + "auditd.log.arch": "x86_64", + "auditd.log.auid": "4294967295", + "auditd.log.comm": "charon", + "auditd.log.egid": "0", + "auditd.log.euid": "0", + "auditd.log.exe": "/usr/libexec/strongswan/charon (deleted)", + "auditd.log.exit": "184", + "auditd.log.fsgid": "0", + "auditd.log.fsuid": "0", + "auditd.log.gid": "0", + "auditd.log.items": "0", + "auditd.log.pid": "1281", + "auditd.log.ppid": "1240", + "auditd.log.record_type": "SYSCALL", + "auditd.log.sequence": 18877199, + "auditd.log.ses": "4294967295", + "auditd.log.sgid": "0", + "auditd.log.success": "yes", + "auditd.log.suid": "0", + "auditd.log.syscall": "44", + "auditd.log.tty": "(none)", + "auditd.log.uid": "0", + "fileset.module": "auditd", + "fileset.name": "log", + "input.type": "log", "offset": 174 } -] +] \ No newline at end of file diff --git a/filebeat/module/elasticsearch/audit/test/test.log-expected.json b/filebeat/module/elasticsearch/audit/test/test.log-expected.json index 9da193b9b8e6..30f0cc134b31 100644 --- a/filebeat/module/elasticsearch/audit/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test.log-expected.json 
@@ -1,107 +1,107 @@ [ { - "@timestamp": "2018-06-19T05:16:15,549", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.principal": "i030648", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", - "offset": 0, + "@timestamp": "2018-06-19T05:16:15,549", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "i030648", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", + "offset": 0, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:52,304", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.principal": "rado", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", - "offset": 155, + "@timestamp": "2018-06-19T05:07:52,304", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + 
"elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.principal": "rado", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", + "offset": 155, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:00:15,778", - "elasticsearch.audit.action": "indices:data/read/scroll/clear", - "elasticsearch.audit.event_type": "access_granted", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "192.168.1.165", - "elasticsearch.audit.origin_type": "local_node", - "elasticsearch.audit.principal": "_xpack_security", - "elasticsearch.audit.request": "ClearScrollRequest", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", - "offset": 306, + "@timestamp": "2018-06-19T05:00:15,778", + "elasticsearch.audit.action": "indices:data/read/scroll/clear", + "elasticsearch.audit.event_type": "access_granted", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "192.168.1.165", + "elasticsearch.audit.origin_type": "local_node", + "elasticsearch.audit.principal": "_xpack_security", + "elasticsearch.audit.request": "ClearScrollRequest", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], 
request=[ClearScrollRequest]", + "offset": 306, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:45,544", - "elasticsearch.audit.event_type": "anonymous_access_denied", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", - "offset": 519, + "@timestamp": "2018-06-19T05:07:45,544", + "elasticsearch.audit.event_type": "anonymous_access_denied", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", + "offset": 519, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:26:27,268", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.principal": "N078801", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", - "offset": 654, + "@timestamp": "2018-06-19T05:26:27,268", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + 
"elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "N078801", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", + "offset": 654, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:55:26,898", - "elasticsearch.audit.action": "cluster:monitor/main", - "elasticsearch.audit.event_type": "access_denied", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.origin_type": "rest", - "elasticsearch.audit.principal": "_anonymous", - "elasticsearch.audit.request": "MainRequest", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", - "offset": 802, + "@timestamp": "2018-06-19T05:55:26,898", + "elasticsearch.audit.action": "cluster:monitor/main", + "elasticsearch.audit.event_type": "access_denied", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.origin_type": "rest", + "elasticsearch.audit.principal": "_anonymous", + "elasticsearch.audit.request": "MainRequest", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", + "offset": 802, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:24:15,190", - 
"elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.18.0.3", - "elasticsearch.audit.principal": "elastic", - "elasticsearch.audit.request_body": "body", - "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", - "elasticsearch.node.name": "v_VJhjV", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", - "offset": 986, + "@timestamp": "2018-06-19T05:24:15,190", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.18.0.3", + "elasticsearch.audit.principal": "elastic", + "elasticsearch.audit.request_body": "body", + "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", + "elasticsearch.node.name": "v_VJhjV", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", + "offset": 986, "service.name": "elasticsearch" } -] +] \ No newline at end of file diff --git a/filebeat/module/elasticsearch/gc/test/test.log-expected.json b/filebeat/module/elasticsearch/gc/test/test.log-expected.json index 07f751bc0fa0..90f930b68450 100644 --- a/filebeat/module/elasticsearch/gc/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/gc/test/test.log-expected.json 
@@ -1,59 +1,59 @@ [ { - "@timestamp": "2018-03-03T14:37:06.157Z", - "elasticsearch.gc.heap.size_kb": "253440", - "elasticsearch.gc.heap.used_kb": "142444", - "elasticsearch.gc.jvm_runtime_sec": "14597.826", - "elasticsearch.gc.old_gen.size_kb": "174784", - "elasticsearch.gc.old_gen.used_kb": "131804", - "elasticsearch.gc.phase.cpu_time.real_sec": "0.00", - "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", - "elasticsearch.gc.phase.cpu_time.user_sec": "0.01", - "elasticsearch.gc.phase.duration_sec": "0.0021716", - "elasticsearch.gc.phase.name": "CMS Initial Mark", - "fileset.module": "elasticsearch", - "fileset.name": "gc", - "input.type": "log", - "message": "2018-03-03T19:37:06.157+0500: 14597.826: [GC (CMS Initial Mark) [1 CMS-initial-mark: 131804K(174784K)] 142444K(253440K), 0.0021716 secs] [Times: user=0.01 sys=0.00, real=0.00 secs]", - "offset": 0, + "@timestamp": "2018-03-03T14:37:06.157Z", + "elasticsearch.gc.heap.size_kb": "253440", + "elasticsearch.gc.heap.used_kb": "142444", + "elasticsearch.gc.jvm_runtime_sec": "14597.826", + "elasticsearch.gc.old_gen.size_kb": "174784", + "elasticsearch.gc.old_gen.used_kb": "131804", + "elasticsearch.gc.phase.cpu_time.real_sec": "0.00", + "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", + "elasticsearch.gc.phase.cpu_time.user_sec": "0.01", + "elasticsearch.gc.phase.duration_sec": "0.0021716", + "elasticsearch.gc.phase.name": "CMS Initial Mark", + "fileset.module": "elasticsearch", + "fileset.name": "gc", + "input.type": "log", + "message": "2018-03-03T19:37:06.157+0500: 14597.826: [GC (CMS Initial Mark) [1 CMS-initial-mark: 131804K(174784K)] 142444K(253440K), 0.0021716 secs] [Times: user=0.01 sys=0.00, real=0.00 secs]", + "offset": 0, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-11T01:53:11.382Z", - "elasticsearch.gc.jvm_runtime_sec": "1396138.752", - "elasticsearch.gc.stopping_threads_time_sec": "0.0000702", - "elasticsearch.gc.threads_total_stop_time_sec": "0.0083760", - "fileset.module": 
"elasticsearch", - "fileset.name": "gc", - "input.type": "log", - "message": "2018-06-11T01:53:11.382+0000: 1396138.752: Total time for which application threads were stopped: 0.0083760 seconds, Stopping threads took: 0.0000702 seconds", - "offset": 181, + "@timestamp": "2018-06-11T01:53:11.382Z", + "elasticsearch.gc.jvm_runtime_sec": "1396138.752", + "elasticsearch.gc.stopping_threads_time_sec": "0.0000702", + "elasticsearch.gc.threads_total_stop_time_sec": "0.0083760", + "fileset.module": "elasticsearch", + "fileset.name": "gc", + "input.type": "log", + "message": "2018-06-11T01:53:11.382+0000: 1396138.752: Total time for which application threads were stopped: 0.0083760 seconds, Stopping threads took: 0.0000702 seconds", + "offset": 181, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-30T11:35:26.632Z", - "elasticsearch.gc.heap.size_kb": "506816", - "elasticsearch.gc.heap.used_kb": "391020", - "elasticsearch.gc.jvm_runtime_sec": "224.671", - "elasticsearch.gc.old_gen.size_kb": "349568", - "elasticsearch.gc.old_gen.used_kb": "277821", - "elasticsearch.gc.phase.class_unload_time_sec": "0.0188407", - "elasticsearch.gc.phase.cpu_time.real_sec": "0.04", - "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", - "elasticsearch.gc.phase.cpu_time.user_sec": "0.12", - "elasticsearch.gc.phase.duration_sec": "0.0457689", - "elasticsearch.gc.phase.name": "CMS Final Remark", - "elasticsearch.gc.phase.parallel_rescan_time_sec": "0.0148273", - "elasticsearch.gc.phase.scrub_string_table_time_sec": "0.0005253", - "elasticsearch.gc.phase.scrub_symbol_table_time_sec": "0.0100207", - "elasticsearch.gc.phase.weak_refs_processing_time_sec": "0.0003647", - "elasticsearch.gc.young_gen.size_kb": "157248", - "elasticsearch.gc.young_gen.used_kb": "113198", - "fileset.module": "elasticsearch", - "fileset.name": "gc", - "input.type": "log", - "message": "2018-06-30T16:35:26.632+0500: 224.671: [GC (CMS Final Remark) [YG occupancy: 113198 K (157248 K)]224.671: [Rescan 
(parallel) , 0.0148273 secs]224.686: [weak refs processing, 0.0003647 secs]224.687: [class unloading, 0.0188407 secs]224.705: [scrub symbol table, 0.0100207 secs]224.715: [scrub string table, 0.0005253 secs][1 CMS-remark: 277821K(349568K)] 391020K(506816K), 0.0457689 secs] [Times: user=0.12 sys=0.00, real=0.04 secs]", - "offset": 339, + "@timestamp": "2018-06-30T11:35:26.632Z", + "elasticsearch.gc.heap.size_kb": "506816", + "elasticsearch.gc.heap.used_kb": "391020", + "elasticsearch.gc.jvm_runtime_sec": "224.671", + "elasticsearch.gc.old_gen.size_kb": "349568", + "elasticsearch.gc.old_gen.used_kb": "277821", + "elasticsearch.gc.phase.class_unload_time_sec": "0.0188407", + "elasticsearch.gc.phase.cpu_time.real_sec": "0.04", + "elasticsearch.gc.phase.cpu_time.sys_sec": "0.00", + "elasticsearch.gc.phase.cpu_time.user_sec": "0.12", + "elasticsearch.gc.phase.duration_sec": "0.0457689", + "elasticsearch.gc.phase.name": "CMS Final Remark", + "elasticsearch.gc.phase.parallel_rescan_time_sec": "0.0148273", + "elasticsearch.gc.phase.scrub_string_table_time_sec": "0.0005253", + "elasticsearch.gc.phase.scrub_symbol_table_time_sec": "0.0100207", + "elasticsearch.gc.phase.weak_refs_processing_time_sec": "0.0003647", + "elasticsearch.gc.young_gen.size_kb": "157248", + "elasticsearch.gc.young_gen.used_kb": "113198", + "fileset.module": "elasticsearch", + "fileset.name": "gc", + "input.type": "log", + "message": "2018-06-30T16:35:26.632+0500: 224.671: [GC (CMS Final Remark) [YG occupancy: 113198 K (157248 K)]224.671: [Rescan (parallel) , 0.0148273 secs]224.686: [weak refs processing, 0.0003647 secs]224.687: [class unloading, 0.0188407 secs]224.705: [scrub symbol table, 0.0100207 secs]224.715: [scrub string table, 0.0005253 secs][1 CMS-remark: 277821K(349568K)] 391020K(506816K), 0.0457689 secs] [Times: user=0.12 sys=0.00, real=0.04 secs]", + "offset": 339, "service.name": "elasticsearch" } -] +] \ No newline at end of file 
diff --git a/filebeat/module/elasticsearch/server/test/test.log-expected.json b/filebeat/module/elasticsearch/server/test/test.log-expected.json index b5a82677e2fa..d22c38245f1f 100644 --- a/filebeat/module/elasticsearch/server/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/server/test/test.log-expected.json 
@@ -1,251 +1,251 @@ [ { - "@timestamp": "2018-05-17T08:29:12,177", - "elasticsearch.index.name": "test-filebeat-modules", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "creating index, cause [auto(bulk api)], templates [test-filebeat-modules], shards [5]/[1], mappings [doc]", - "offset": 0, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:35,939", - "elasticsearch.node.name": "", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "initializing ...", - "offset": 209, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:36,089", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.e.NodeEnvironment", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "using [1] data paths, mounts [[/ (/dev/disk1s1)]], net usable_space [32.4gb], net total_space [233.5gb], types [apfs]", - "offset": 289, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:36,090", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.e.NodeEnvironment", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "heap size [990.7mb], compressed ordinary object pointers [true]", - "offset": 477, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:19:36,116", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "node name [vWNJsZ3] derived from node ID [vWNJsZ3nTIKh5a1ai-ftYQ]; set 
[node.name] to override", - "offset": 611, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:23:48,941", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.r.a.DiskThresholdMonitor", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "low disk watermark [85%] exceeded on [vWNJsZ3nTIKh5a1ai-ftYQ][vWNJsZ3][/Users/ruflin/Downloads/elasticsearch-6.2.4/data/nodes/0] free: 33.4gb[14.3%], replicas will not be assigned to this node", - "offset": 766, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:09,245", - "elasticsearch.index.name": "filebeat-test-input", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "creating index, cause [auto(bulk api)], templates [filebeat-test-input], shards [5]/[1], mappings [doc]", - "offset": 1034, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:09,576", - "elasticsearch.index.id": "aOGgDwbURfCV57AScqbCgw", - "elasticsearch.index.name": "filebeat-test-input", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "update_mapping [doc]", - "offset": 1239, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-09T12:47:33,959", - "elasticsearch.index.id": "3tWftqb4RLKdyCAga9syGA", - "elasticsearch.index.name": ".kibana", - "elasticsearch.node.name": "QGY1F5P", - "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "update_mapping [doc]", - "offset": 
1380, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:25,598", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "closing ...", - "offset": 1509, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-05-17T08:29:25,612", - "elasticsearch.node.name": "vWNJsZ3", - "elasticsearch.server.component": "o.e.n.Node", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "closed", - "offset": 1591, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:48,548", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "INFO", - "message": "master_left [{srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}], reason [failed to ping, tried [3] times, each with maximum [30s] timeout]", - "offset": 1668, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:48,548", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + "@timestamp": "2018-05-17T08:29:12,177", + "elasticsearch.index.name": "test-filebeat-modules", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "creating index, cause [auto(bulk api)], templates [test-filebeat-modules], shards [5]/[1], mappings [doc]", + 
"offset": 0, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:35,939", + "elasticsearch.node.name": "", + "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "initializing ...", + "offset": 209, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:36,089", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.e.NodeEnvironment", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "using [1] data paths, mounts [[/ (/dev/disk1s1)]], net usable_space [32.4gb], net total_space [233.5gb], types [apfs]", + "offset": 289, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:36,090", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.e.NodeEnvironment", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "heap size [990.7mb], compressed ordinary object pointers [true]", + "offset": 477, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:19:36,116", + "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "node name [vWNJsZ3] derived from node ID [vWNJsZ3nTIKh5a1ai-ftYQ]; set [node.name] to override", + "offset": 611, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:23:48,941", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.r.a.DiskThresholdMonitor", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "low disk watermark [85%] exceeded on 
[vWNJsZ3nTIKh5a1ai-ftYQ][vWNJsZ3][/Users/ruflin/Downloads/elasticsearch-6.2.4/data/nodes/0] free: 33.4gb[14.3%], replicas will not be assigned to this node", + "offset": 766, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:29:09,245", + "elasticsearch.index.name": "filebeat-test-input", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataCreateIndexService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "creating index, cause [auto(bulk api)], templates [filebeat-test-input], shards [5]/[1], mappings [doc]", + "offset": 1034, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:29:09,576", + "elasticsearch.index.id": "aOGgDwbURfCV57AScqbCgw", + "elasticsearch.index.name": "filebeat-test-input", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "update_mapping [doc]", + "offset": 1239, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-09T12:47:33,959", + "elasticsearch.index.id": "3tWftqb4RLKdyCAga9syGA", + "elasticsearch.index.name": ".kibana", + "elasticsearch.node.name": "QGY1F5P", + "elasticsearch.server.component": "o.e.c.m.MetaDataMappingService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "update_mapping [doc]", + "offset": 1380, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-05-17T08:29:25,598", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "closing ...", + "offset": 1509, + "service.name": "elasticsearch" + }, + { + "@timestamp": 
"2018-05-17T08:29:25,612", + "elasticsearch.node.name": "vWNJsZ3", + "elasticsearch.server.component": "o.e.n.Node", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "closed", + "offset": 1591, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:48,548", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "INFO", + "message": "master_left [{srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}], reason [failed to ping, tried [3] times, each with maximum [30s] timeout]", + "offset": 1668, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:48,548", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.d.z.ZenDiscovery", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "master left (reason = failed to ping, tried [3] times, each with maximum [30s] timeout), current nodes: nodes:\n {srvmulpvlsk252_md}{uc5xdiQgRhaBIY-sszgjvQ}{X9pC0t1UQQix_NNOM0J6JQ}{srvmulpvlsk252.loganalytics.santanderuk.corp}{180.39.9.93:9300}{ml.max_open_jobs=10, ml.enabled=true}, local\n {srvmulpvlsk258_md}{HgW6EDn5QCmWVmICy4saHw}{o8zku7OJR4CTp0IjY8Ag4Q}{srvmulpvlsk258.loganalytics.santanderuk.corp}{180.39.9.99:9300}{ml.max_open_jobs=10, ml.enabled=true}\n {srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}, master\n 
{srvmulpvlsk254_id}{wZYeAh2URc2NwBIHZolLWQ}{3nduupo-TzSPaXjQaNu4Sg}{srvmulpvlsk254.loganalytics.santanderuk.corp}{180.39.9.95:9300}{ml.max_open_jobs=10, ml.enabled=true}", - "offset": 2008, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:52,666", - "elasticsearch.server.component": "r.suppressed", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], + "log.level": "WARN", + "message": "master left (reason = failed to ping, tried [3] times, each with maximum [30s] timeout), current nodes: nodes:\n {srvmulpvlsk252_md}{uc5xdiQgRhaBIY-sszgjvQ}{X9pC0t1UQQix_NNOM0J6JQ}{srvmulpvlsk252.loganalytics.santanderuk.corp}{180.39.9.93:9300}{ml.max_open_jobs=10, ml.enabled=true}, local\n {srvmulpvlsk258_md}{HgW6EDn5QCmWVmICy4saHw}{o8zku7OJR4CTp0IjY8Ag4Q}{srvmulpvlsk258.loganalytics.santanderuk.corp}{180.39.9.99:9300}{ml.max_open_jobs=10, ml.enabled=true}\n {srvmulpvlsk250_md}{igrwSoPGSJ6u_5b8k26tgQ}{PuRqciBFRbiQvL2_lS7LrQ}{srvmulpvlsk250.loganalytics.santanderuk.corp}{180.39.9.91:9300}{ml.max_open_jobs=10, ml.enabled=true}, master\n {srvmulpvlsk254_id}{wZYeAh2URc2NwBIHZolLWQ}{3nduupo-TzSPaXjQaNu4Sg}{srvmulpvlsk254.loganalytics.santanderuk.corp}{180.39.9.95:9300}{ml.max_open_jobs=10, ml.enabled=true}", + "offset": 2008, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:52,666", + "elasticsearch.server.component": "r.suppressed", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "path: /_xpack/monitoring/_bulk, params: {system_id=logstash, system_api_version=2, interval=1s}\norg.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/2/no master];\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:165) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:151) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:57) ~[?:?]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:40) ~[?:?]\n at org.elasticsearch.action.support.TransportAction.doExecute(TransportAction.java:146) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$1(SecurityActionFilter.java:133) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:208) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:127) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:121) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:109) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:186) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:212) ~[?:?]\n at 
org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:185) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:145) ~[?:?]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:84) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.rest.action.RestMonitoringBulkAction.lambda$doPrepareRequest$0(RestMonitoringBulkAction.java:77) ~[?:?]\n at org.elasticsearch.rest.BaseRestHandler.handleReques", - "offset": 2907, - 
"service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:48:02,552", - "elasticsearch.server.component": "r.suppressed", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], + "log.level": "WARN", + "message": "path: /_xpack/monitoring/_bulk, params: {system_id=logstash, system_api_version=2, interval=1s}\norg.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/2/no master];\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(ClusterBlocks.java:165) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(ClusterBlocks.java:151) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:57) ~[?:?]\n at org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction.doExecute(TransportMonitoringBulkAction.java:40) ~[?:?]\n at org.elasticsearch.action.support.TransportAction.doExecute(TransportAction.java:146) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$1(SecurityActionFilter.java:133) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$authorizeRequest$4(SecurityActionFilter.java:208) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.maybeRun(AuthorizationUtils.java:127) ~[?:?]\n at org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.setRunAsRoles(AuthorizationUtils.java:121) ~[?:?]\n at 
org.elasticsearch.xpack.security.authz.AuthorizationUtils$AsyncAuthorizer.authorize(AuthorizationUtils.java:109) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.authorizeRequest(SecurityActionFilter.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:186) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:212) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159) ~[?:?]\n at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:185) ~[?:?]\n at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:145) ~[?:?]\n at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:168) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:142) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:84) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:83) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:72) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:408) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.ActionRequestBuilder.execute(ActionRequestBuilder.java:80) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.rest.action.RestMonitoringBulkAction.lambda$doPrepareRequest$0(RestMonitoringBulkAction.java:77) ~[?:?]\n at org.elasticsearch.rest.BaseRestHandler.handleReques", + "offset": 2907, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:48:02,552", + "elasticsearch.server.component": "r.suppressed", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "path: /_xpack/license, params: {}\norg.elasticsearch.discovery.MasterNotDiscoveredException: NodeDisconnectedException[[srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$4.onTimeout(TransportMasterNodeAction.java:209) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver$ContextPreservingListener.onTimeout(ClusterStateObserver.java:311) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:139) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:111) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.retry(TransportMasterNodeAction.java:194) ~[elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.access$500(TransportMasterNodeAction.java:107) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$3.handleException(TransportMasterNodeAction.java:183) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$Adapter.lambda$onConnectionClosed$6(TransportService.java:893) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:569) [elasticsearch-5.6.3.jar:5.6.3]\n at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]\n at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\nCaused by: org.elasticsearch.transport.NodeDisconnectedException: [srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected", - "offset": 7412, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:27,896", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", - "elasticsearch.server.gc.young.one": "3449979", - "elasticsearch.server.gc.young.two": "986594", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], + "log.level": "WARN", + "message": "path: /_xpack/license, params: {}\norg.elasticsearch.discovery.MasterNotDiscoveredException: NodeDisconnectedException[[srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] 
disconnected]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$4.onTimeout(TransportMasterNodeAction.java:209) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver$ContextPreservingListener.onTimeout(ClusterStateObserver.java:311) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:139) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.cluster.ClusterStateObserver.waitForNextChange(ClusterStateObserver.java:111) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.retry(TransportMasterNodeAction.java:194) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction.access$500(TransportMasterNodeAction.java:107) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.action.support.master.TransportMasterNodeAction$AsyncSingleAction$3.handleException(TransportMasterNodeAction.java:183) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1067) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.transport.TransportService$Adapter.lambda$onConnectionClosed$6(TransportService.java:893) ~[elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:569) [elasticsearch-5.6.3.jar:5.6.3]\n at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]\n at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\nCaused by: 
org.elasticsearch.transport.NodeDisconnectedException: [srvmulpvlsk250_md][180.39.9.91:9300][cluster:monitor/xpack/license/get] disconnected", + "offset": 7412, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:27,896", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", + "elasticsearch.server.gc.young.one": "3449979", + "elasticsearch.server.gc.young.two": "986594", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "duration [3.8s], collections [1]/[4.3s], total [3.8s]/[8.8h], memory [16.5gb]->[15.7gb]/[30.8gb], all_po\nols {[young] [1.2gb]->[24mb]/[1.4gb]}{[survivor] [191.3mb]->[191.3mb]/[191.3mb]}{[old] [15.1gb]->[15.5gb]/[29.1gb]}", - "offset": 9873, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:45:45,604", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", - "elasticsearch.server.gc_overhead": "3449992", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "WARN", - "message": "overhead, spent [1.6s] collecting in the last [1.8s]", - "offset": 10205, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T11:48:02,541", - "elasticsearch.node.name": "srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.a.b.TransportShardBulkAction", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", - "log.level": "WARN", - "message": "[[pro_neocrmbigdata_paas-2018-27][0]] failed to perform indices:data/write/bulk[s] on replica [pro_neocrmbigdata_paas-2018-27][0], node[igrwSoPGSJ6u_5b8k26tgQ], [R], s[STARTED], a[id=DKK34YLHRMmJMkWg8jQH6w]", - "offset": 10354, - "service.name": "elasticsearch" - }, - { - "@timestamp": "2018-07-03T20:10:07,376", - "elasticsearch.node.name": 
"srvmulpvlsk252_md", - "elasticsearch.server.component": "o.e.x.m.MonitoringService", - "fileset.module": "elasticsearch", - "fileset.name": "server", - "input.type": "log", + ], + "log.level": "WARN", + "message": "duration [3.8s], collections [1]/[4.3s], total [3.8s]/[8.8h], memory [16.5gb]->[15.7gb]/[30.8gb], all_po\nols {[young] [1.2gb]->[24mb]/[1.4gb]}{[survivor] [191.3mb]->[191.3mb]/[191.3mb]}{[old] [15.1gb]->[15.5gb]/[29.1gb]}", + "offset": 9873, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:45:45,604", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.m.j.JvmGcMonitorService", + "elasticsearch.server.gc_overhead": "3449992", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "WARN", + "message": "overhead, spent [1.6s] collecting in the last [1.8s]", + "offset": 10205, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T11:48:02,541", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.a.b.TransportShardBulkAction", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", + "log.level": "WARN", + "message": "[[pro_neocrmbigdata_paas-2018-27][0]] failed to perform indices:data/write/bulk[s] on replica [pro_neocrmbigdata_paas-2018-27][0], node[igrwSoPGSJ6u_5b8k26tgQ], [R], s[STARTED], a[id=DKK34YLHRMmJMkWg8jQH6w]", + "offset": 10354, + "service.name": "elasticsearch" + }, + { + "@timestamp": "2018-07-03T20:10:07,376", + "elasticsearch.node.name": "srvmulpvlsk252_md", + "elasticsearch.server.component": "o.e.x.m.MonitoringService", + "fileset.module": "elasticsearch", + "fileset.name": "server", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "WARN", - "message": "monitoring execution failed\norg.elasticsearch.xpack.monitoring.exporter.ExportException: Exception when closing export bulk\n at 
org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1$1.(ExportBulk.java:106) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1.onFailure(ExportBulk.java:104) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:217) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:211) ~[?:?]\n at org.elasticsearch.xpack.common.IteratingActionListener.onResponse(IteratingActionListener.java:108) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) [elasticsearch-5.6.3.jar:5.6.3]\n at org.elasticsearch.xpack.monitoring.exporter.http.HttpExportBulk$1.onSuccess(HttpExportBulk.java:115) [x-pack-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$FailureTrackingResponseListener.onSuccess(RestClient.java:597) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:352) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:343) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) [httpcore-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:436) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:326) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:265) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) [httpasyncclient-4.1.2.jar:4.1.2]\n at 
org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:114) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) [httpcore-nio-4.4.5.jar:4.4.5]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\n", - "offset": 10648, + ], + "log.level": "WARN", + "message": "monitoring execution failed\norg.elasticsearch.xpack.monitoring.exporter.ExportException: Exception when closing export bulk\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1$1.(ExportBulk.java:106) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$1.onFailure(ExportBulk.java:104) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:217) ~[?:?]\n at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound$1.onResponse(ExportBulk.java:211) ~[?:?]\n at org.elasticsearch.xpack.common.IteratingActionListener.onResponse(IteratingActionListener.java:108) ~[?:?]\n at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) [elasticsearch-5.6.3.jar:5.6.3]\n at 
org.elasticsearch.xpack.monitoring.exporter.http.HttpExportBulk$1.onSuccess(HttpExportBulk.java:115) [x-pack-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$FailureTrackingResponseListener.onSuccess(RestClient.java:597) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:352) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.elasticsearch.client.RestClient$1.completed(RestClient.java:343) [elasticsearch-rest-client-5.6.3.jar:5.6.3]\n at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) [httpcore-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:436) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:326) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:265) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) [httpasyncclient-4.1.2.jar:4.1.2]\n at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:114) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) [httpcore-nio-4.4.5.jar:4.4.5]\n at 
org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) [httpcore-nio-4.4.5.jar:4.4.5]\n at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) [httpcore-nio-4.4.5.jar:4.4.5]\n at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]\n", + "offset": 10648, "service.name": "elasticsearch" } -] +] \ No newline at end of file diff --git a/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json b/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json index 359197ab2faa..ea0832415ae1 100644 --- a/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/slowlog/test/test.log-expected.json 
@@ -1,133 +1,133 @@ [ { - "@timestamp": "2018-06-29T10:06:14,933", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.query", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "4.5ms", - "elasticsearch.slowlog.took_millis": 4, - "elasticsearch.slowlog.total_hits": 19435, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", - "offset": 0, + "@timestamp": "2018-06-29T10:06:14,933", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.query", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "4.5ms", + "elasticsearch.slowlog.took_millis": 4, + "elasticsearch.slowlog.total_hits": 19435, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], 
search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", + "offset": 0, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T10:06:14,943", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "10.8ms", - "elasticsearch.slowlog.took_millis": 10, - "elasticsearch.slowlog.total_hits": 19435, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T10:06:14,943][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[10.8ms], took_millis[10], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", - "offset": 265, + "@timestamp": "2018-06-29T10:06:14,943", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"query\":{\"match_all\":{\"boost\":1.0}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "10.8ms", + "elasticsearch.slowlog.took_millis": 10, + "elasticsearch.slowlog.total_hits": 19435, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": 
"[2018-06-29T10:06:14,943][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[10.8ms], took_millis[10], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}],", + "offset": 265, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T09:01:01,821", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": "index.search.slowlog.query", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_
size\":2147483647,\"fields\":{\"*\":{}}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "124.3ms", - "elasticsearch.slowlog.took_millis": 124, - "elasticsearch.slowlog.total_hits": 0, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T09:01:01,821][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[124.3ms], took_millis[124], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}
}}}],", - "offset": 532, + "@timestamp": "2018-06-29T09:01:01,821", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.query", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "124.3ms", + "elasticsearch.slowlog.took_millis": 124, + "elasticsearch.slowlog.total_hits": 0, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": 
"elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-06-29T09:01:01,821][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[124.3ms], took_millis[124], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", + "offset": 532, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-29T09:01:01,827", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.shard.id": "0", - "elasticsearch.slowlog.logger": 
"index.search.slowlog.fetch", - "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", - "elasticsearch.slowlog.source_query": "{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", - "elasticsearch.slowlog.stats": "", - "elasticsearch.slowlog.took": "7.2ms", - "elasticsearch.slowlog.took_millis": 7, - "elasticsearch.slowlog.total_hits": 0, - "elasticsearch.slowlog.total_shards": 1, - "elasticsearch.slowlog.types": "", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-06-29T09:01:01,827][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[7.2ms], took_millis[7], 
total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", - "offset": 1999, + "@timestamp": "2018-06-29T09:01:01,827", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.06.26", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.shard.id": "0", + "elasticsearch.slowlog.logger": "index.search.slowlog.fetch", + "elasticsearch.slowlog.search_type": "QUERY_THEN_FETCH", + "elasticsearch.slowlog.source_query": 
"{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}", + "elasticsearch.slowlog.stats": "", + "elasticsearch.slowlog.took": "7.2ms", + "elasticsearch.slowlog.took_millis": 7, + "elasticsearch.slowlog.total_hits": 0, + "elasticsearch.slowlog.total_shards": 1, + "elasticsearch.slowlog.types": "", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-06-29T09:01:01,827][INFO ][index.search.slowlog.fetch] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[7.2ms], took_millis[7], total_hits[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], 
source[{\"size\":500,\"query\":{\"match_none\":{\"boost\":1.0}},\"version\":true,\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[\"@timestamp\",\"ceph.monitor_health.last_updated\",\"docker.container.created\",\"docker.healthcheck.event.end_date\",\"docker.healthcheck.event.start_date\",\"docker.image.created\",\"kubernetes.container.start_time\",\"kubernetes.event.metadata.timestamp.created\",\"kubernetes.node.start_time\",\"kubernetes.pod.start_time\",\"kubernetes.system.start_time\",\"mongodb.status.background_flushing.last_finished\",\"mongodb.status.local_time\",\"php_fpm.pool.start_time\",\"postgresql.activity.backend_start\",\"postgresql.activity.query_start\",\"postgresql.activity.state_change\",\"postgresql.activity.transaction_start\",\"postgresql.bgwriter.stats_reset\",\"postgresql.database.stats_reset\",\"system.process.cpu.start_time\"],\"script_fields\":{},\"sort\":[{\"@timestamp\":{\"order\":\"desc\",\"unmapped_type\":\"boolean\"}}],\"aggregations\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"time_zone\":\"Europe/Berlin\",\"interval\":\"30s\",\"offset\":0,\"order\":{\"_key\":\"asc\"},\"keyed\":false,\"min_doc_count\":1}}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fragment_size\":2147483647,\"fields\":{\"*\":{}}}}],", + "offset": 1999, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-04T13:48:07,452", - "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.slowlog.id": "KUyMZWQBk9jw4gtg2y5-", - "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", - "elasticsearch.slowlog.routing": "", - "elasticsearch.slowlog.source_query": 
"{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}", - "elasticsearch.slowlog.took": "1.4ms", - "elasticsearch.slowlog.took_millis": 1, - "elasticsearch.slowlog.type": "doc", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", - "log.level": "INFO", - "message": "[2018-07-04T13:48:07,452][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.4ms], took_millis[1], type[doc], id[KUyMZWQBk9jw4gtg2y5-], routing[], source[{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 
-isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}]", - "offset": 3462, + "@timestamp": "2018-07-04T13:48:07,452", + "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.slowlog.id": "KUyMZWQBk9jw4gtg2y5-", + "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", + "elasticsearch.slowlog.routing": "", + "elasticsearch.slowlog.source_query": "{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 
tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}", + "elasticsearch.slowlog.took": "1.4ms", + "elasticsearch.slowlog.took_millis": 1, + "elasticsearch.slowlog.type": "doc", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", + "log.level": "INFO", + "message": "[2018-07-04T13:48:07,452][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.4ms], took_millis[1], type[doc], id[KUyMZWQBk9jw4gtg2y5-], routing[], source[{\"@timestamp\":\"2018-07-04T13:47:50.747Z\",\"system\":{\"process\":{\"ppid\":34526,\"state\":\"running\",\"cpu\":{\"total\":{\"value\":734879,\"pct\":0.0173,\"norm\":{\"pct\":0.0043}},\"start_time\":\"2018-07-04T06:56:34.863Z\"},\"pgid\":34526,\"cmdline\":\"/Applications/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container -childID 1 -isForBrowser -prefsLen 22119 -schedulerPrefs 0001,2 -greomni /Applications/Firefox.app/Contents/Resources/omni.ja -appomni /Applications/Firefox.app/Contents/Resources/browser/omni.ja -appdir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/rado/Library/Application Support/Firefox/Profiles/pt6eoq1j.default-1484133908360 34526 gecko-crash-server-pipe.34526 org.mozilla.machname.231926932 
tab\",\"name\":\"plugin-containe\",\"memory\":{\"size\":7489249280,\"rss\":{\"bytes\":567619584,\"pct\":0.033},\"share\":0},\"pid\":34528,\"username\":\"rado\"}},\"metricset\":{\"name\":\"process\",\"module\":\"system\",\"rtt\":43856},\"beat\":{\"hostname\":\"Rados-MacBook-Pro.local\",\"version\":\"6.3.0\",\"name\":\"Rados-MacBook-Pro.local\"},\"host\":{\"name\":\"Rados-MacBook-Pro.local\"}}]", + "offset": 3462, "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-07-04T21:51:30,411", - "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", - "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", - "elasticsearch.node.name": "v_VJhjV", - "elasticsearch.slowlog.id": "s01HZ2QBk9jw4gtgaFtn", - "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", - "elasticsearch.slowlog.routing": "", - "elasticsearch.slowlog.source_query": "\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }", - "elasticsearch.slowlog.took": "1.7ms", - "elasticsearch.slowlog.took_millis": 1, - "elasticsearch.slowlog.type": "doc", - "fileset.module": "elasticsearch", - "fileset.name": "slowlog", - "input.type": "log", + "@timestamp": "2018-07-04T21:51:30,411", + "elasticsearch.index.id": "VLKxBLvUSYuIMKzpacGjRg", + "elasticsearch.index.name": "metricbeat-6.3.0-2018.07.04", + "elasticsearch.node.name": "v_VJhjV", + "elasticsearch.slowlog.id": "s01HZ2QBk9jw4gtgaFtn", + "elasticsearch.slowlog.logger": "index.indexing.slowlog.index", + "elasticsearch.slowlog.routing": "", + 
"elasticsearch.slowlog.source_query": "\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }", + "elasticsearch.slowlog.took": "1.7ms", + "elasticsearch.slowlog.took_millis": 1, + "elasticsearch.slowlog.type": "doc", + "fileset.module": "elasticsearch", + "fileset.name": "slowlog", + "input.type": "log", "log.flags": [ "multiline" - ], - "log.level": "INFO", - "message": "[2018-07-04T21:51:30,411][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.7ms], took_millis[1], type[doc], id[s01HZ2QBk9jw4gtgaFtn], routing[], source[\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n \"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }]", - "offset": 4753, + ], + "log.level": "INFO", + "message": "[2018-07-04T21:51:30,411][INFO ][index.indexing.slowlog.index] [v_VJhjV] [metricbeat-6.3.0-2018.07.04/VLKxBLvUSYuIMKzpacGjRg] took[1.7ms], took_millis[1], type[doc], id[s01HZ2QBk9jw4gtgaFtn], routing[], source[\n{\n \"@timestamp\":\"2018-07-04T21:27:30.730Z\",\n \"metricset\":{\n 
\"name\":\"network\",\n \"module\":\"system\",\n \"rtt\":7264},\n \"system\":{\n \"network\":{\n \"name\":\"lo0\",\n \"in\":{\n \"errors\":0,\n \"dropped\":0,\n \"bytes\":77666873,\n \"packets\":244595},\n \"out\":{\n \"packets\":244595,\n \"bytes\":77666873,\n \"errors\":0,\n \"dropped\":0\n }\n }\n },\n \"beat\":{\n \"name\":\"Rados-MacBook-Pro.local\",\n \"hostname\":\"Rados-MacBook-Pro.local\",\n \"version\":\"6.3.0\"\n },\n \"host\":{\n \"name\":\"Rados-MacBook-Pro.local\"\n }\n }]", + "offset": 4753, "service.name": "elasticsearch" } -] +] \ No newline at end of file diff --git a/filebeat/module/haproxy/log/test/default.log-expected.json b/filebeat/module/haproxy/log/test/default.log-expected.json index e797847d7d58..22f585bc611d 100644 --- a/filebeat/module/haproxy/log/test/default.log-expected.json +++ b/filebeat/module/haproxy/log/test/default.log-expected.json 
@@ -1,22 +1,24 @@ [ { - "@timestamp": "2018-09-20T15:42:59.000Z", - "fileset.module": "haproxy", - "fileset.name": "log", - "haproxy.client.ip": "1.2.3.4", - "haproxy.client.port": "40780", - "haproxy.destination.ip": "1.2.3.4", - "haproxy.destination.port": "5000", - "haproxy.frontend_name": "main", - "haproxy.geoip.continent_name": "North America", - "haproxy.geoip.country_iso_code": "US", - "haproxy.geoip.location.lat": 37.751, - "haproxy.geoip.location.lon": -97.822, - "haproxy.mode": "HTTP", - "haproxy.pid": "24551", - "haproxy.process_name": "haproxy", - "haproxy.source": "1.2.3.4", - "input.type": "log", + "@timestamp": "2018-09-20T15:42:59.000Z", + "fileset.module": "haproxy", + "fileset.name": "log", + "haproxy.client.ip": "1.2.3.4", + "haproxy.client.port": "40780", + "haproxy.destination.ip": "1.2.3.4", + "haproxy.destination.port": "5000", + "haproxy.frontend_name": "main", + "haproxy.geoip.city_name": "Mukilteo", + "haproxy.geoip.continent_name": "North America", + "haproxy.geoip.country_iso_code": "US", + "haproxy.geoip.location.lat": 47.913, + "haproxy.geoip.location.lon": -122.3042, + "haproxy.geoip.region_name": "Washington", + "haproxy.mode": "HTTP", + "haproxy.pid": "24551", + "haproxy.process_name": "haproxy", + "haproxy.source": "1.2.3.4", + "input.type": "log", "offset": 0 } -] +] \ No newline at end of file diff --git a/filebeat/module/haproxy/log/test/haproxy.log-expected.json b/filebeat/module/haproxy/log/test/haproxy.log-expected.json index 5f8e384dfc2a..243579ec85db 100644 --- a/filebeat/module/haproxy/log/test/haproxy.log-expected.json +++ b/filebeat/module/haproxy/log/test/haproxy.log-expected.json 
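Review bot: The geoip expectations for client `1.2.3.4` change in this hunk (`"haproxy.geoip.location.lat": 37.751` becomes `47.913`, and `city_name` and `region_name` appear), which does not follow from the stated purpose of the patch. This looks like the fixture was regenerated against a different GeoIP database than the one used before. The same drift shows in haproxy.log-expected.json and in the iis access and error fixtures, where `region_iso_code` disappears and the Berlin coordinates move. If that is the cause, these expected files only pass with the database of the machine that produced them. Regenerate them with the database the CI pipeline ships, or keep the geoip keys out of this commit.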
@@ -1,42 +1,44 @@ [ { - "@timestamp": "2018-07-30T09:03:52.726Z", - "fileset.module": "haproxy", - "fileset.name": "log", - "haproxy.backend_name": "docs_microservice", - "haproxy.backend_queue": 0, - "haproxy.bytes_read": 168, - "haproxy.client.ip": "1.2.3.4", - "haproxy.client.port": 38862, - "haproxy.connection_wait_time_ms": 1, - "haproxy.connections.active": 6, - "haproxy.connections.backend": 0, - "haproxy.connections.frontend": 6, - "haproxy.connections.retries": 0, - "haproxy.connections.server": 0, - "haproxy.frontend_name": "incoming~", - "haproxy.geoip.continent_name": "North America", - "haproxy.geoip.country_iso_code": "US", - "haproxy.geoip.location.lat": 37.751, - "haproxy.geoip.location.lon": -97.822, - "haproxy.http.request.captured_cookie": "-", + "@timestamp": "2018-07-30T09:03:52.726Z", + "fileset.module": "haproxy", + "fileset.name": "log", + "haproxy.backend_name": "docs_microservice", + "haproxy.backend_queue": 0, + "haproxy.bytes_read": 168, + "haproxy.client.ip": "1.2.3.4", + "haproxy.client.port": 38862, + "haproxy.connection_wait_time_ms": 1, + "haproxy.connections.active": 6, + "haproxy.connections.backend": 0, + "haproxy.connections.frontend": 6, + "haproxy.connections.retries": 0, + "haproxy.connections.server": 0, + "haproxy.frontend_name": "incoming~", + "haproxy.geoip.city_name": "Mukilteo", + "haproxy.geoip.continent_name": "North America", + "haproxy.geoip.country_iso_code": "US", + "haproxy.geoip.location.lat": 47.913, + "haproxy.geoip.location.lon": -122.3042, + "haproxy.geoip.region_name": "Washington", + "haproxy.http.request.captured_cookie": "-", "haproxy.http.request.captured_headers": [ "docs.example.internal" - ], - "haproxy.http.request.raw_request_line": "GET /component---src-pages-index-js-4b15624544f97cf0bb8f.js HTTP/1.1", - "haproxy.http.request.time_active_ms": 2, - "haproxy.http.request.time_wait_ms": 0, - "haproxy.http.request.time_wait_without_data_ms": 0, - "haproxy.http.response.captured_cookie": "-", - 
"haproxy.http.response.captured_headers": [], - "haproxy.http.response.status_code": 304, - "haproxy.pid": 32450, - "haproxy.process_name": "haproxy", - "haproxy.server_name": "docs", - "haproxy.server_queue": 0, - "haproxy.termination_state": "----", - "haproxy.total_waiting_time_ms": 0, - "input.type": "log", + ], + "haproxy.http.request.raw_request_line": "GET /component---src-pages-index-js-4b15624544f97cf0bb8f.js HTTP/1.1", + "haproxy.http.request.time_active_ms": 2, + "haproxy.http.request.time_wait_ms": 0, + "haproxy.http.request.time_wait_without_data_ms": 0, + "haproxy.http.response.captured_cookie": "-", + "haproxy.http.response.captured_headers": [], + "haproxy.http.response.status_code": 304, + "haproxy.pid": 32450, + "haproxy.process_name": "haproxy", + "haproxy.server_name": "docs", + "haproxy.server_queue": 0, + "haproxy.termination_state": "----", + "haproxy.total_waiting_time_ms": 0, + "input.type": "log", "offset": 0 } -] +] \ No newline at end of file diff --git a/filebeat/module/haproxy/log/test/tcplog.log-expected.json b/filebeat/module/haproxy/log/test/tcplog.log-expected.json index 48dde8738862..2c060818a4f6 100644 --- a/filebeat/module/haproxy/log/test/tcplog.log-expected.json +++ b/filebeat/module/haproxy/log/test/tcplog.log-expected.json 
@@ -1,29 +1,29 @@ [ { - "@timestamp": "2018-09-20T15:44:23.285Z", - "fileset.module": "haproxy", - "fileset.name": "log", - "haproxy.backend_name": "app", - "haproxy.backend_queue": 0, - "haproxy.bytes_read": 212, - "haproxy.client.ip": "127.0.0.1", - "haproxy.client.port": 40962, - "haproxy.connection_wait_time_ms": -1, - "haproxy.connections.active": 1, - "haproxy.connections.backend": 0, - "haproxy.connections.frontend": 1, - "haproxy.connections.retries": 0, - "haproxy.connections.server": 0, - "haproxy.frontend_name": "main", - "haproxy.pid": 25457, - "haproxy.process_name": "haproxy", - "haproxy.server_name": "", - "haproxy.server_queue": 0, - "haproxy.source": "127.0.0.1", - "haproxy.tcp.processing_time_ms": 0, - "haproxy.termination_state": "SC", - "haproxy.total_waiting_time_ms": -1, - "input.type": "log", + "@timestamp": "2018-09-20T15:44:23.285Z", + "fileset.module": "haproxy", + "fileset.name": "log", + "haproxy.backend_name": "app", + "haproxy.backend_queue": 0, + "haproxy.bytes_read": 212, + "haproxy.client.ip": "127.0.0.1", + "haproxy.client.port": 40962, + "haproxy.connection_wait_time_ms": -1, + "haproxy.connections.active": 1, + "haproxy.connections.backend": 0, + "haproxy.connections.frontend": 1, + "haproxy.connections.retries": 0, + "haproxy.connections.server": 0, + "haproxy.frontend_name": "main", + "haproxy.pid": 25457, + "haproxy.process_name": "haproxy", + "haproxy.server_name": "", + "haproxy.server_queue": 0, + "haproxy.source": "127.0.0.1", + "haproxy.tcp.processing_time_ms": 0, + "haproxy.termination_state": "SC", + "haproxy.total_waiting_time_ms": -1, + "input.type": "log", "offset": 0 } -] +] \ No newline at end of file diff --git a/filebeat/module/icinga/debug/test/test.log-expected.json b/filebeat/module/icinga/debug/test/test.log-expected.json index 90881595eda5..e1ca4582ad4c 100644 --- a/filebeat/module/icinga/debug/test/test.log-expected.json +++ b/filebeat/module/icinga/debug/test/test.log-expected.json 
@@ -1,32 +1,32 @@ [ { - "@timestamp": "2017-04-04T11:43:09.000Z", - "fileset.module": "icinga", - "fileset.name": "debug", - "icinga.debug.facility": "GraphiteWriter", - "icinga.debug.message": "Add to metric list:'icinga2.demo.services.procs.procs.perfdata.procs.warn 250 1491306189'.", - "icinga.debug.severity": "debug", - "input.type": "log", + "@timestamp": "2017-04-04T11:43:09.000Z", + "fileset.module": "icinga", + "fileset.name": "debug", + "icinga.debug.facility": "GraphiteWriter", + "icinga.debug.message": "Add to metric list:'icinga2.demo.services.procs.procs.perfdata.procs.warn 250 1491306189'.", + "icinga.debug.severity": "debug", + "input.type": "log", "offset": 0 - }, + }, { - "@timestamp": "2017-04-04T11:43:09.000Z", - "fileset.module": "icinga", - "fileset.name": "debug", - "icinga.debug.facility": "IdoMysqlConnection", - "icinga.debug.message": "Query: UPDATE icinga_servicestatus SET acknowledgement_type = '0', active_checks_enabled = '1', check_command = 'mysql_health', check_source = 'demo', check_type = '0', current_check_attempt = '1', current_notification_number = '180', current_state = '2', endpoint_object_id = 242, event_handler = '', event_handler_enabled = '1', execution_time = '0.355594', flap_detection_enabled = '0', has_been_checked = '1', instance_id = 1, is_flapping = '0', is_reachable = '1', last_check = FROM_UNIXTIME(1491306189), last_hard_state = '2', last_hard_state_change = FROM_UNIXTIME(1491290599), last_notification = FROM_UNIXTIME(1491304989), last_state_change = FROM_UNIXTIME(1491290599), last_time_critical = FROM_UNIXTIME(1491306189), last_time_unknown = FROM_UNIXTIME(1491290589), latency = '0.001466', long_output = '', max_check_attempts = '5', next_check = FROM_UNIXTIME(1491306198), next_notification = FROM_UNIXTIME(1491306789), normal_check_interval = '0.166667', notifications_enabled = '1', original_attributes = 'null', output = 'CRITICAL - cannot connect to information_schema. 
Access denied for user \\'test1\\'@\\'blerims-mbp.int.netways.de\\' (using password: YES)', passive_checks_enabled = '1', percent_state_change = '0', perfdata = '', problem_has_been_acknowledged = '0', process_performance_data = '1', retry_check_interval = '0.166667', scheduled_downtime_depth = '0', service_object_id = 333, should_be_scheduled = '1', state_type = '1', status_update_time = FROM_UNIXTIME(1491306189) WHERE service_object_id = 333", - "icinga.debug.severity": "debug", - "input.type": "log", + "@timestamp": "2017-04-04T11:43:09.000Z", + "fileset.module": "icinga", + "fileset.name": "debug", + "icinga.debug.facility": "IdoMysqlConnection", + "icinga.debug.message": "Query: UPDATE icinga_servicestatus SET acknowledgement_type = '0', active_checks_enabled = '1', check_command = 'mysql_health', check_source = 'demo', check_type = '0', current_check_attempt = '1', current_notification_number = '180', current_state = '2', endpoint_object_id = 242, event_handler = '', event_handler_enabled = '1', execution_time = '0.355594', flap_detection_enabled = '0', has_been_checked = '1', instance_id = 1, is_flapping = '0', is_reachable = '1', last_check = FROM_UNIXTIME(1491306189), last_hard_state = '2', last_hard_state_change = FROM_UNIXTIME(1491290599), last_notification = FROM_UNIXTIME(1491304989), last_state_change = FROM_UNIXTIME(1491290599), last_time_critical = FROM_UNIXTIME(1491306189), last_time_unknown = FROM_UNIXTIME(1491290589), latency = '0.001466', long_output = '', max_check_attempts = '5', next_check = FROM_UNIXTIME(1491306198), next_notification = FROM_UNIXTIME(1491306789), normal_check_interval = '0.166667', notifications_enabled = '1', original_attributes = 'null', output = 'CRITICAL - cannot connect to information_schema. 
Access denied for user \\'test1\\'@\\'blerims-mbp.int.netways.de\\' (using password: YES)', passive_checks_enabled = '1', percent_state_change = '0', perfdata = '', problem_has_been_acknowledged = '0', process_performance_data = '1', retry_check_interval = '0.166667', scheduled_downtime_depth = '0', service_object_id = 333, should_be_scheduled = '1', state_type = '1', status_update_time = FROM_UNIXTIME(1491306189) WHERE service_object_id = 333", + "icinga.debug.severity": "debug", + "input.type": "log", "offset": 141 - }, + }, { - "@timestamp": "2017-04-04T11:43:11.000Z", - "fileset.module": "icinga", - "fileset.name": "debug", - "icinga.debug.facility": "Process", - "icinga.debug.message": "Running command '/usr/lib/nagios/plugins/check_ping' '-H' 'mysql.icinga.com' '-c' '5000,100%' '-w' '3000,80%': PID 8288", - "icinga.debug.severity": "notice", - "input.type": "log", + "@timestamp": "2017-04-04T11:43:11.000Z", + "fileset.module": "icinga", + "fileset.name": "debug", + "icinga.debug.facility": "Process", + "icinga.debug.message": "Running command '/usr/lib/nagios/plugins/check_ping' '-H' 'mysql.icinga.com' '-c' '5000,100%' '-w' '3000,80%': PID 8288", + "icinga.debug.severity": "notice", + "input.type": "log", "offset": 1763 } -] +] \ No newline at end of file diff --git a/filebeat/module/icinga/main/test/test.log-expected.json b/filebeat/module/icinga/main/test/test.log-expected.json index 9cb2bce46313..5dc659a31358 100644 --- a/filebeat/module/icinga/main/test/test.log-expected.json +++ b/filebeat/module/icinga/main/test/test.log-expected.json 
@@ -1,35 +1,35 @@ [ { - "@timestamp": "2017-04-04T09:16:34.000Z", - "fileset.module": "icinga", - "fileset.name": "main", - "icinga.main.facility": "Notification", - "icinga.main.message": "Sending 'Recovery' notification 'demo!load!mail-icingaadmin for user 'on-call'", - "icinga.main.severity": "information", - "input.type": "log", + "@timestamp": "2017-04-04T09:16:34.000Z", + "fileset.module": "icinga", + "fileset.name": "main", + "icinga.main.facility": "Notification", + "icinga.main.message": "Sending 'Recovery' notification 'demo!load!mail-icingaadmin for user 'on-call'", + "icinga.main.severity": "information", + "input.type": "log", "offset": 0 - }, + }, { - "@timestamp": "2017-04-04T09:16:34.000Z", - "fileset.module": "icinga", - "fileset.name": "main", - "icinga.main.facility": "PluginNotificationTask", - "icinga.main.message": "Notification command for object 'demo!load' (PID: 19401, arguments: '/etc/icinga2/scripts/mail-service-notification.sh') terminated with exit code 127, output: /etc/icinga2/scripts/mail-service-notification.sh: 20: /etc/icinga2/scripts/mail-service-notification.sh: mail: not found\n/usr/bin/printf: write error: Broken pipe\n", - "icinga.main.severity": "warning", - "input.type": "log", + "@timestamp": "2017-04-04T09:16:34.000Z", + "fileset.module": "icinga", + "fileset.name": "main", + "icinga.main.facility": "PluginNotificationTask", + "icinga.main.message": "Notification command for object 'demo!load' (PID: 19401, arguments: '/etc/icinga2/scripts/mail-service-notification.sh') terminated with exit code 127, output: /etc/icinga2/scripts/mail-service-notification.sh: 20: /etc/icinga2/scripts/mail-service-notification.sh: mail: not found\n/usr/bin/printf: write error: Broken pipe\n", + "icinga.main.severity": "warning", + "input.type": "log", "log.flags": [ "multiline" - ], + ], "offset": 133 - }, + }, { - "@timestamp": "2017-04-04T09:16:48.000Z", - "fileset.module": "icinga", - "fileset.name": "main", - "icinga.main.facility": 
"IdoMysqlConnection", - "icinga.main.message": "Query queue items: 0, query rate: 5.38333/s (323/min 1610/5min 4778/15min);", - "icinga.main.severity": "information", - "input.type": "log", + "@timestamp": "2017-04-04T09:16:48.000Z", + "fileset.module": "icinga", + "fileset.name": "main", + "icinga.main.facility": "IdoMysqlConnection", + "icinga.main.message": "Query queue items: 0, query rate: 5.38333/s (323/min 1610/5min 4778/15min);", + "icinga.main.severity": "information", + "input.type": "log", "offset": 518 } -] +] \ No newline at end of file diff --git a/filebeat/module/icinga/startup/test/test.log-expected.json b/filebeat/module/icinga/startup/test/test.log-expected.json index f441c034ae52..efaa95e4c4ee 100644 --- a/filebeat/module/icinga/startup/test/test.log-expected.json +++ b/filebeat/module/icinga/startup/test/test.log-expected.json 
@@ -1,22 +1,22 @@ [ { - "@timestamp": "2018-07-23T11:50:38.896Z", - "fileset.module": "icinga", - "fileset.name": "startup", - "icinga.startup.facility": "cli", - "icinga.startup.message": "Icinga application loader (version: r2.6.3-1)", - "icinga.startup.severity": "information", - "input.type": "log", + "@timestamp": "2018-11-05T14:11:43.219Z", + "fileset.module": "icinga", + "fileset.name": "startup", + "icinga.startup.facility": "cli", + "icinga.startup.message": "Icinga application loader (version: r2.6.3-1)", + "icinga.startup.severity": "information", + "input.type": "log", "offset": 0 - }, + }, { - "@timestamp": "2018-07-23T11:50:38.896Z", - "fileset.module": "icinga", - "fileset.name": "startup", - "icinga.startup.facility": "cli", - "icinga.startup.message": "Loading configuration file(s).", - "icinga.startup.severity": "information", - "input.type": "log", + "@timestamp": "2018-11-05T14:11:43.219Z", + "fileset.module": "icinga", + "fileset.name": "startup", + "icinga.startup.facility": "cli", + "icinga.startup.message": "Loading configuration file(s).", + "icinga.startup.severity": "information", + "input.type": "log", "offset": 63 } -] +] \ No newline at end of file diff --git a/filebeat/module/iis/access/test/test.log-expected.json b/filebeat/module/iis/access/test/test.log-expected.json index a823fec9de7a..d876948e3314 100644 --- a/filebeat/module/iis/access/test/test.log-expected.json +++ b/filebeat/module/iis/access/test/test.log-expected.json 
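Review bot: Both events now expect `"@timestamp": "2018-11-05T14:11:43.219Z"` while the message, severity and offset are unchanged, so the value appears to come from when the fixture was regenerated rather than from the log line. An expected file that pins wall-clock time is either ignored by the comparison or will differ on the next regeneration. It also means this fileset reports ingest time as event time, which matters when the events are used to reconstruct a timeline. Please confirm that the test harness excludes `@timestamp` for this fileset, and if it does, keep the previous value so the diff carries no noise.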
@@ -1,105 +1,103 @@ [ { - "@timestamp": "2018-01-01T08:09:10.000Z", - "fileset.module": "iis", - "fileset.name": "access", - "iis.access.geoip.city_name": "Berlin", - "iis.access.geoip.continent_name": "Europe", - "iis.access.geoip.country_iso_code": "DE", - "iis.access.geoip.location.lat": 52.4908, - "iis.access.geoip.location.lon": 13.3275, - "iis.access.geoip.region_iso_code": "DE-BE", - "iis.access.geoip.region_name": "Land Berlin", - "iis.access.method": "GET", - "iis.access.port": "80", - "iis.access.query_string": "q=100", - "iis.access.referrer": "-", - "iis.access.remote_ip": "85.181.35.98", - "iis.access.request_time_ms": "123", - "iis.access.response_code": "200", - "iis.access.server_ip": "127.0.0.1", - "iis.access.sub_status": "0", - "iis.access.url": "/", - "iis.access.user_agent.device": "Other", - "iis.access.user_agent.major": "57", - "iis.access.user_agent.minor": "0", - "iis.access.user_agent.name": "Firefox", - "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", - "iis.access.user_agent.os": "Windows", - "iis.access.user_agent.os_name": "Windows", - "iis.access.user_name": "-", - "iis.access.win32_status": "0", - "input.type": "log", + "@timestamp": "2018-01-01T08:09:10.000Z", + "fileset.module": "iis", + "fileset.name": "access", + "iis.access.geoip.city_name": "Berlin", + "iis.access.geoip.continent_name": "Europe", + "iis.access.geoip.country_iso_code": "DE", + "iis.access.geoip.location.lat": 52.5167, + "iis.access.geoip.location.lon": 13.4, + "iis.access.geoip.region_name": "Land Berlin", + "iis.access.method": "GET", + "iis.access.port": "80", + "iis.access.query_string": "q=100", + "iis.access.referrer": "-", + "iis.access.remote_ip": "85.181.35.98", + "iis.access.request_time_ms": "123", + "iis.access.response_code": "200", + "iis.access.server_ip": "127.0.0.1", + "iis.access.sub_status": "0", + "iis.access.url": "/", + "iis.access.user_agent.device": "Other", + 
"iis.access.user_agent.major": "57", + "iis.access.user_agent.minor": "0", + "iis.access.user_agent.name": "Firefox", + "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", + "iis.access.user_agent.os": "Windows", + "iis.access.user_agent.os_name": "Windows", + "iis.access.user_name": "-", + "iis.access.win32_status": "0", + "input.type": "log", "offset": 257 - }, + }, { - "@timestamp": "2018-01-01T09:10:11.000Z", - "fileset.module": "iis", - "fileset.name": "access", - "iis.access.body_received.bytes": "456", - "iis.access.body_sent.bytes": "123", - "iis.access.cookie": "-", - "iis.access.hostname": "example.com", - "iis.access.method": "GET", - "iis.access.port": "80", - "iis.access.query_string": "-", - "iis.access.referrer": "-", - "iis.access.remote_ip": "127.0.0.1", - "iis.access.request_time_ms": "789", - "iis.access.response_code": "200", - "iis.access.site_name": "W3SVC1", - "iis.access.sub_status": "0", - "iis.access.url": "/", - "iis.access.user_agent.device": "Other", - "iis.access.user_agent.major": "57", - "iis.access.user_agent.minor": "0", - "iis.access.user_agent.name": "Firefox", - "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", - "iis.access.user_agent.os": "Windows", - "iis.access.user_agent.os_name": "Windows", - "iis.access.user_name": "-", - "iis.access.win32_status": "0", - "input.type": "log", + "@timestamp": "2018-01-01T09:10:11.000Z", + "fileset.module": "iis", + "fileset.name": "access", + "iis.access.body_received.bytes": "456", + "iis.access.body_sent.bytes": "123", + "iis.access.cookie": "-", + "iis.access.hostname": "example.com", + "iis.access.method": "GET", + "iis.access.port": "80", + "iis.access.query_string": "-", + "iis.access.referrer": "-", + "iis.access.remote_ip": "127.0.0.1", + "iis.access.request_time_ms": "789", + "iis.access.response_code": "200", + "iis.access.site_name": "W3SVC1", + 
"iis.access.sub_status": "0", + "iis.access.url": "/", + "iis.access.user_agent.device": "Other", + "iis.access.user_agent.major": "57", + "iis.access.user_agent.minor": "0", + "iis.access.user_agent.name": "Firefox", + "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", + "iis.access.user_agent.os": "Windows", + "iis.access.user_agent.os_name": "Windows", + "iis.access.user_name": "-", + "iis.access.win32_status": "0", + "input.type": "log", "offset": 709 - }, + }, { - "@timestamp": "2018-01-01T10:11:12.000Z", - "fileset.module": "iis", - "fileset.name": "access", - "iis.access.body_received.bytes": "456", - "iis.access.body_sent.bytes": "123", - "iis.access.cookie": "-", - "iis.access.geoip.city_name": "Berlin", - "iis.access.geoip.continent_name": "Europe", - "iis.access.geoip.country_iso_code": "DE", - "iis.access.geoip.location.lat": 52.4908, - "iis.access.geoip.location.lon": 13.3275, - "iis.access.geoip.region_iso_code": "DE-BE", - "iis.access.geoip.region_name": "Land Berlin", - "iis.access.hostname": "example.com", - "iis.access.http_version": "1.1", - "iis.access.method": "GET", - "iis.access.port": "80", - "iis.access.query_string": "-", - "iis.access.referrer": "-", - "iis.access.remote_ip": "85.181.35.98", - "iis.access.request_time_ms": "789", - "iis.access.response_code": "200", - "iis.access.server_ip": "127.0.0.1", - "iis.access.server_name": "MACHINE-NAME", - "iis.access.site_name": "W3SVC1", - "iis.access.sub_status": "0", - "iis.access.url": "/", - "iis.access.user_agent.device": "Other", - "iis.access.user_agent.major": "57", - "iis.access.user_agent.minor": "0", - "iis.access.user_agent.name": "Firefox", - "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", - "iis.access.user_agent.os": "Windows", - "iis.access.user_agent.os_name": "Windows", - "iis.access.user_name": "-", - "iis.access.win32_status": "0", - 
"input.type": "log", + "@timestamp": "2018-01-01T10:11:12.000Z", + "fileset.module": "iis", + "fileset.name": "access", + "iis.access.body_received.bytes": "456", + "iis.access.body_sent.bytes": "123", + "iis.access.cookie": "-", + "iis.access.geoip.city_name": "Berlin", + "iis.access.geoip.continent_name": "Europe", + "iis.access.geoip.country_iso_code": "DE", + "iis.access.geoip.location.lat": 52.5167, + "iis.access.geoip.location.lon": 13.4, + "iis.access.geoip.region_name": "Land Berlin", + "iis.access.hostname": "example.com", + "iis.access.http_version": "1.1", + "iis.access.method": "GET", + "iis.access.port": "80", + "iis.access.query_string": "-", + "iis.access.referrer": "-", + "iis.access.remote_ip": "85.181.35.98", + "iis.access.request_time_ms": "789", + "iis.access.response_code": "200", + "iis.access.server_ip": "127.0.0.1", + "iis.access.server_name": "MACHINE-NAME", + "iis.access.site_name": "W3SVC1", + "iis.access.sub_status": "0", + "iis.access.url": "/", + "iis.access.user_agent.device": "Other", + "iis.access.user_agent.major": "57", + "iis.access.user_agent.minor": "0", + "iis.access.user_agent.name": "Firefox", + "iis.access.user_agent.original": "Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64;+rv:57.0)+Gecko/20100101+Firefox/57.0", + "iis.access.user_agent.os": "Windows", + "iis.access.user_agent.os_name": "Windows", + "iis.access.user_name": "-", + "iis.access.win32_status": "0", + "input.type": "log", "offset": 1204 } -] +] \ No newline at end of file diff --git a/filebeat/module/iis/error/test/test.log-expected.json b/filebeat/module/iis/error/test/test.log-expected.json index bd41a0815b75..112bf8ffa4a5 100644 --- a/filebeat/module/iis/error/test/test.log-expected.json +++ b/filebeat/module/iis/error/test/test.log-expected.json 
@@ -1,87 +1,84 @@ [ { - "@timestamp": "2018-01-01T08:09:10.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.http_version": "1.1", - "iis.error.method": "GET", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "ConnLimit", - "iis.error.remote_ip": "172.31.77.6", - "iis.error.remote_port": "2094", - "iis.error.response_code": "503", - "iis.error.server_ip": "172.31.77.6", - "iis.error.server_port": "80", - "iis.error.url": "/qos/1kbfile.txt", - "input.type": "log", + "@timestamp": "2018-01-01T08:09:10.000Z", + "fileset.module": "iis", + "fileset.name": "error", + "iis.error.http_version": "1.1", + "iis.error.method": "GET", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "ConnLimit", + "iis.error.remote_ip": "172.31.77.6", + "iis.error.remote_port": "2094", + "iis.error.response_code": "503", + "iis.error.server_ip": "172.31.77.6", + "iis.error.server_port": "80", + "iis.error.url": "/qos/1kbfile.txt", + "input.type": "log", "offset": 186 - }, + }, { - "@timestamp": "2018-01-01T09:10:11.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.geoip.city_name": "Berlin", - "iis.error.geoip.continent_name": "Europe", - "iis.error.geoip.country_iso_code": "DE", - "iis.error.geoip.location.lat": 52.4908, - "iis.error.geoip.location.lon": 13.3275, - "iis.error.geoip.region_iso_code": "DE-BE", - "iis.error.geoip.region_name": "Land Berlin", - "iis.error.http_version": "1.1", - "iis.error.method": "GET", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "Hostname", - "iis.error.remote_ip": "85.181.35.98", - "iis.error.remote_port": "2780", - "iis.error.response_code": "400", - "iis.error.server_ip": "127.0.0.1", - "iis.error.server_port": "80", - "iis.error.url": "/ThisIsMyUrl.htm", - "input.type": "log", + "@timestamp": "2018-01-01T09:10:11.000Z", + "fileset.module": "iis", + "fileset.name": "error", + "iis.error.geoip.city_name": "Berlin", + "iis.error.geoip.continent_name": "Europe", + 
"iis.error.geoip.country_iso_code": "DE", + "iis.error.geoip.location.lat": 52.5167, + "iis.error.geoip.location.lon": 13.4, + "iis.error.geoip.region_name": "Land Berlin", + "iis.error.http_version": "1.1", + "iis.error.method": "GET", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "Hostname", + "iis.error.remote_ip": "85.181.35.98", + "iis.error.remote_port": "2780", + "iis.error.response_code": "400", + "iis.error.server_ip": "127.0.0.1", + "iis.error.server_port": "80", + "iis.error.url": "/ThisIsMyUrl.htm", + "input.type": "log", "offset": 286 - }, + }, { - "@timestamp": "2018-01-01T10:11:12.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.geoip.city_name": "Berlin", - "iis.error.geoip.continent_name": "Europe", - "iis.error.geoip.country_iso_code": "DE", - "iis.error.geoip.location.lat": 52.4908, - "iis.error.geoip.location.lon": 13.3275, - "iis.error.geoip.region_iso_code": "DE-BE", - "iis.error.geoip.region_name": "Land Berlin", - "iis.error.http_version": "2.0", - "iis.error.method": "GET", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "Version_N/S", - "iis.error.remote_ip": "85.181.35.98", - "iis.error.remote_port": "2894", - "iis.error.response_code": "505", - "iis.error.server_ip": "127.0.0.1", - "iis.error.server_port": "80", - "iis.error.url": "/", - "input.type": "log", + "@timestamp": "2018-01-01T10:11:12.000Z", + "fileset.module": "iis", + "fileset.name": "error", + "iis.error.geoip.city_name": "Berlin", + "iis.error.geoip.continent_name": "Europe", + "iis.error.geoip.country_iso_code": "DE", + "iis.error.geoip.location.lat": 52.5167, + "iis.error.geoip.location.lon": 13.4, + "iis.error.geoip.region_name": "Land Berlin", + "iis.error.http_version": "2.0", + "iis.error.method": "GET", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "Version_N/S", + "iis.error.remote_ip": "85.181.35.98", + "iis.error.remote_port": "2894", + "iis.error.response_code": "505", + "iis.error.server_ip": 
"127.0.0.1", + "iis.error.server_port": "80", + "iis.error.url": "/", + "input.type": "log", "offset": 384 - }, + }, { - "@timestamp": "2018-01-01T11:12:13.000Z", - "fileset.module": "iis", - "fileset.name": "error", - "iis.error.geoip.city_name": "Berlin", - "iis.error.geoip.continent_name": "Europe", - "iis.error.geoip.country_iso_code": "DE", - "iis.error.geoip.location.lat": 52.4908, - "iis.error.geoip.location.lon": 13.3275, - "iis.error.geoip.region_iso_code": "DE-BE", - "iis.error.geoip.region_name": "Land Berlin", - "iis.error.queue_name": "-", - "iis.error.reason_phrase": "Timer_MinBytesPerSecond", - "iis.error.remote_ip": "85.181.35.98", - "iis.error.remote_port": "64388", - "iis.error.server_ip": "127.0.0.1", - "iis.error.server_port": "80", - "input.type": "log", + "@timestamp": "2018-01-01T11:12:13.000Z", + "fileset.module": "iis", + "fileset.name": "error", + "iis.error.geoip.city_name": "Berlin", + "iis.error.geoip.continent_name": "Europe", + "iis.error.geoip.country_iso_code": "DE", + "iis.error.geoip.location.lat": 52.5167, + "iis.error.geoip.location.lon": 13.4, + "iis.error.geoip.region_name": "Land Berlin", + "iis.error.queue_name": "-", + "iis.error.reason_phrase": "Timer_MinBytesPerSecond", + "iis.error.remote_ip": "85.181.35.98", + "iis.error.remote_port": "64388", + "iis.error.server_ip": "127.0.0.1", + "iis.error.server_port": "80", + "input.type": "log", "offset": 470 } -] +] \ No newline at end of file diff --git a/filebeat/module/kafka/log/test/controller.log-expected.json b/filebeat/module/kafka/log/test/controller.log-expected.json index 52e59a07ff34..c61737ce7b1c 100644 --- a/filebeat/module/kafka/log/test/controller.log-expected.json +++ b/filebeat/module/kafka/log/test/controller.log-expected.json 
@@ -1,242 +1,242 @@ [ { - "@timestamp": "2017-08-04T10:48:21.048Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:21,048] INFO [controller-event-thread]: Starting (kafka.controller.ControllerEventManager$ControllerEventThread)", + "@timestamp": "2017-08-04T10:48:21.048Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:21,048] INFO [controller-event-thread]: Starting (kafka.controller.ControllerEventManager$ControllerEventThread)", "offset": 0 - }, - { - "@timestamp": "2017-08-04T10:48:21.063Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "0 successfully elected as the controller", - "message": "[2017-08-04 10:48:21,063] INFO [Controller 0]: 0 successfully elected as the controller (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T10:48:21.063Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "0 successfully elected as the controller", + "message": "[2017-08-04 10:48:21,063] INFO [Controller 0]: 0 successfully elected as the controller (kafka.controller.KafkaController)", "offset": 131 - }, - { - "@timestamp": "2017-08-04T10:48:21.064Z", - "fileset.module": "kafka", - 
"fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Broker 0 starting become controller state transition", - "message": "[2017-08-04 10:48:21,064] INFO [Controller 0]: Broker 0 starting become controller state transition (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T10:48:21.064Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Broker 0 starting become controller state transition", + "message": "[2017-08-04 10:48:21,064] INFO [Controller 0]: Broker 0 starting become controller state transition (kafka.controller.KafkaController)", "offset": 254 - }, - { - "@timestamp": "2017-08-04T10:48:21.082Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Controller 0 incremented epoch to 1", - "message": "[2017-08-04 10:48:21,082] INFO [Controller 0]: Controller 0 incremented epoch to 1 (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T10:48:21.082Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Controller 0 incremented epoch to 1", + "message": "[2017-08-04 10:48:21,082] INFO [Controller 0]: Controller 0 incremented epoch to 1 (kafka.controller.KafkaController)", "offset": 389 - }, - { - "@timestamp": "2017-08-04T10:48:21.085Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": 
"kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "Registering IsrChangeNotificationListener", - "message": "[2017-08-04 10:48:21,085] DEBUG [Controller 0]: Registering IsrChangeNotificationListener (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T10:48:21.085Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "Registering IsrChangeNotificationListener", + "message": "[2017-08-04 10:48:21,085] DEBUG [Controller 0]: Registering IsrChangeNotificationListener (kafka.controller.KafkaController)", "offset": 507 - }, - { - "@timestamp": "2017-08-04T10:48:21.154Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ReplicaStateMachine", - "kafka.log.component": "Replica state machine on controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Started replica state machine with initial state -> Map()", - "message": "[2017-08-04 10:48:21,154] INFO [Replica state machine on controller 0]: Started replica state machine with initial state -> Map() (kafka.controller.ReplicaStateMachine)", + }, + { + "@timestamp": "2017-08-04T10:48:21.154Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ReplicaStateMachine", + "kafka.log.component": "Replica state machine on controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Started replica state machine with initial state -> Map()", + "message": "[2017-08-04 10:48:21,154] INFO [Replica state machine on controller 0]: Started replica state machine with initial state -> Map() (kafka.controller.ReplicaStateMachine)", "offset": 632 - }, - { - "@timestamp": "2017-08-04T10:48:21.156Z", - "fileset.module": 
"kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.PartitionStateMachine", - "kafka.log.component": "Partition state machine on Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Started partition state machine with initial state -> Map()", - "message": "[2017-08-04 10:48:21,156] INFO [Partition state machine on Controller 0]: Started partition state machine with initial state -> Map() (kafka.controller.PartitionStateMachine)", + }, + { + "@timestamp": "2017-08-04T10:48:21.156Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.PartitionStateMachine", + "kafka.log.component": "Partition state machine on Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Started partition state machine with initial state -> Map()", + "message": "[2017-08-04 10:48:21,156] INFO [Partition state machine on Controller 0]: Started partition state machine with initial state -> Map() (kafka.controller.PartitionStateMachine)", "offset": 801 - }, - { - "@timestamp": "2017-08-04T10:48:21.157Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Broker 0 is ready to serve as the new controller with epoch 1", - "message": "[2017-08-04 10:48:21,157] INFO [Controller 0]: Broker 0 is ready to serve as the new controller with epoch 1 (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T10:48:21.157Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Broker 0 is ready to serve as the new controller with epoch 1", + "message": "[2017-08-04 10:48:21,157] INFO [Controller 0]: Broker 0 is 
ready to serve as the new controller with epoch 1 (kafka.controller.KafkaController)", "offset": 976 - }, - { - "@timestamp": "2017-08-04T10:48:21.165Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.PartitionStateMachine", - "kafka.log.component": "Partition state machine on Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Invoking state change to OnlinePartition for partitions ", - "message": "[2017-08-04 10:48:21,165] INFO [Partition state machine on Controller 0]: Invoking state change to OnlinePartition for partitions (kafka.controller.PartitionStateMachine)", + }, + { + "@timestamp": "2017-08-04T10:48:21.165Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.PartitionStateMachine", + "kafka.log.component": "Partition state machine on Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Invoking state change to OnlinePartition for partitions ", + "message": "[2017-08-04 10:48:21,165] INFO [Partition state machine on Controller 0]: Invoking state change to OnlinePartition for partitions (kafka.controller.PartitionStateMachine)", "offset": 1120 - }, - { - "@timestamp": "2017-08-04T11:44:22.588Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "Live brokers: ", - "message": "[2017-08-04 11:44:22,588] DEBUG [Controller 0]: Live brokers: (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T11:44:22.588Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "Live brokers: ", + "message": "[2017-08-04 11:44:22,588] DEBUG 
[Controller 0]: Live brokers: (kafka.controller.KafkaController)", "offset": 1292 - }, - { - "@timestamp": "2017-08-04T11:44:25.094Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutting down", - "message": "[2017-08-04 11:44:25,094] INFO [controller-event-thread]: Shutting down (kafka.controller.ControllerEventManager$ControllerEventThread)", + }, + { + "@timestamp": "2017-08-04T11:44:25.094Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutting down", + "message": "[2017-08-04 11:44:25,094] INFO [controller-event-thread]: Shutting down (kafka.controller.ControllerEventManager$ControllerEventThread)", "offset": 1390 - }, - { - "@timestamp": "2017-08-04T11:44:25.095Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Stopped", - "message": "[2017-08-04 11:44:25,095] INFO [controller-event-thread]: Stopped (kafka.controller.ControllerEventManager$ControllerEventThread)", + }, + { + "@timestamp": "2017-08-04T11:44:25.095Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped", + "message": "[2017-08-04 11:44:25,095] INFO [controller-event-thread]: Stopped 
(kafka.controller.ControllerEventManager$ControllerEventThread)", "offset": 1526 - }, - { - "@timestamp": "2017-08-04T11:44:25.097Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", - "kafka.log.component": "controller-event-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutdown completed", - "message": "[2017-08-04 11:44:25,097] INFO [controller-event-thread]: Shutdown completed (kafka.controller.ControllerEventManager$ControllerEventThread)", + }, + { + "@timestamp": "2017-08-04T11:44:25.097Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ControllerEventManager$ControllerEventThread", + "kafka.log.component": "controller-event-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutdown completed", + "message": "[2017-08-04 11:44:25,097] INFO [controller-event-thread]: Shutdown completed (kafka.controller.ControllerEventManager$ControllerEventThread)", "offset": 1656 - }, - { - "@timestamp": "2017-08-04T11:44:25.099Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "Controller resigning, broker id 0", - "message": "[2017-08-04 11:44:25,099] DEBUG [Controller 0]: Controller resigning, broker id 0 (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T11:44:25.099Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "Controller resigning, broker id 0", + "message": "[2017-08-04 11:44:25,099] DEBUG [Controller 0]: Controller resigning, broker id 0 (kafka.controller.KafkaController)", 
"offset": 1797 - }, - { - "@timestamp": "2017-08-04T11:44:25.100Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.KafkaController", - "kafka.log.component": "Controller 0", - "kafka.log.level": "DEBUG", - "kafka.log.message": "De-registering IsrChangeNotificationListener", - "message": "[2017-08-04 11:44:25,100] DEBUG [Controller 0]: De-registering IsrChangeNotificationListener (kafka.controller.KafkaController)", + }, + { + "@timestamp": "2017-08-04T11:44:25.100Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.KafkaController", + "kafka.log.component": "Controller 0", + "kafka.log.level": "DEBUG", + "kafka.log.message": "De-registering IsrChangeNotificationListener", + "message": "[2017-08-04 11:44:25,100] DEBUG [Controller 0]: De-registering IsrChangeNotificationListener (kafka.controller.KafkaController)", "offset": 1914 - }, - { - "@timestamp": "2017-08-04T11:44:25.105Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.PartitionStateMachine", - "kafka.log.component": "Partition state machine on Controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Stopped partition state machine", - "message": "[2017-08-04 11:44:25,105] INFO [Partition state machine on Controller 0]: Stopped partition state machine (kafka.controller.PartitionStateMachine)", + }, + { + "@timestamp": "2017-08-04T11:44:25.105Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.PartitionStateMachine", + "kafka.log.component": "Partition state machine on Controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped partition state machine", + "message": "[2017-08-04 11:44:25,105] INFO [Partition state machine on Controller 0]: Stopped partition state machine (kafka.controller.PartitionStateMachine)", 
"offset": 2042 - }, - { - "@timestamp": "2017-08-04T11:44:25.111Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.ReplicaStateMachine", - "kafka.log.component": "Replica state machine on controller 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Stopped replica state machine", - "message": "[2017-08-04 11:44:25,111] INFO [Replica state machine on controller 0]: Stopped replica state machine (kafka.controller.ReplicaStateMachine)", + }, + { + "@timestamp": "2017-08-04T11:44:25.111Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.ReplicaStateMachine", + "kafka.log.component": "Replica state machine on controller 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped replica state machine", + "message": "[2017-08-04 11:44:25,111] INFO [Replica state machine on controller 0]: Stopped replica state machine (kafka.controller.ReplicaStateMachine)", "offset": 2189 - }, - { - "@timestamp": "2017-08-04T11:44:25.112Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.RequestSendThread", - "kafka.log.component": "Controller-0-to-broker-0-send-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutting down", - "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Shutting down (kafka.controller.RequestSendThread)", + }, + { + "@timestamp": "2017-08-04T11:44:25.112Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.RequestSendThread", + "kafka.log.component": "Controller-0-to-broker-0-send-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutting down", + "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Shutting down (kafka.controller.RequestSendThread)", "offset": 2330 - }, - { - "@timestamp": 
"2017-08-04T11:44:25.112Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.RequestSendThread", - "kafka.log.component": "Controller-0-to-broker-0-send-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Stopped", - "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Stopped (kafka.controller.RequestSendThread)", + }, + { + "@timestamp": "2017-08-04T11:44:25.112Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.RequestSendThread", + "kafka.log.component": "Controller-0-to-broker-0-send-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Stopped", + "message": "[2017-08-04 11:44:25,112] INFO [Controller-0-to-broker-0-send-thread]: Stopped (kafka.controller.RequestSendThread)", "offset": 2452 - }, - { - "@timestamp": "2017-08-04T11:44:25.113Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.controller.RequestSendThread", - "kafka.log.component": "Controller-0-to-broker-0-send-thread", - "kafka.log.level": "INFO", - "kafka.log.message": "Shutdown completed", - "message": "[2017-08-04 11:44:25,113] INFO [Controller-0-to-broker-0-send-thread]: Shutdown completed (kafka.controller.RequestSendThread)", + }, + { + "@timestamp": "2017-08-04T11:44:25.113Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.controller.RequestSendThread", + "kafka.log.component": "Controller-0-to-broker-0-send-thread", + "kafka.log.level": "INFO", + "kafka.log.message": "Shutdown completed", + "message": "[2017-08-04 11:44:25,113] INFO [Controller-0-to-broker-0-send-thread]: Shutdown completed (kafka.controller.RequestSendThread)", "offset": 2568 } -] +] \ No newline at end of file 
diff --git a/filebeat/module/kafka/log/test/server.log-expected.json b/filebeat/module/kafka/log/test/server.log-expected.json
index a9d711eecca5..bf1b18b109ae 100644
--- a/filebeat/module/kafka/log/test/server.log-expected.json
+++ b/filebeat/module/kafka/log/test/server.log-expected.json
@@ -1,242 +1,242 @@ [ { - "@timestamp": "2017-08-04T10:48:20.377Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.KafkaServer", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "starting", - "message": "[2017-08-04 10:48:20,377] INFO starting (kafka.server.KafkaServer)", + "@timestamp": "2017-08-04T10:48:20.377Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.KafkaServer", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "starting", + "message": "[2017-08-04 10:48:20,377] INFO starting (kafka.server.KafkaServer)", "offset": 0 - }, - { - "@timestamp": "2017-08-04T10:48:20.379Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.KafkaServer", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Connecting to zookeeper on localhost:2181", - "message": "[2017-08-04 10:48:20,379] INFO Connecting to zookeeper on localhost:2181 (kafka.server.KafkaServer)", + }, + { + "@timestamp": "2017-08-04T10:48:20.379Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.KafkaServer", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Connecting to zookeeper on localhost:2181", + "message": "[2017-08-04 10:48:20,379] INFO Connecting to zookeeper on localhost:2181 (kafka.server.KafkaServer)", "offset": 67 - }, - { - "@timestamp": "2017-08-04T10:48:20.400Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ZooKeeper", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Client environment:java.io.tmpdir=/tmp", - "message": "[2017-08-04 10:48:20,400] INFO Client 
environment:java.io.tmpdir=/tmp (org.apache.zookeeper.ZooKeeper)", + }, + { + "@timestamp": "2017-08-04T10:48:20.400Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ZooKeeper", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Client environment:java.io.tmpdir=/tmp", + "message": "[2017-08-04 10:48:20,400] INFO Client environment:java.io.tmpdir=/tmp (org.apache.zookeeper.ZooKeeper)", "offset": 167 - }, - { - "@timestamp": "2017-08-04T10:48:20.400Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ZooKeeper", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Client environment:java.compiler=", - "message": "[2017-08-04 10:48:20,400] INFO Client environment:java.compiler= (org.apache.zookeeper.ZooKeeper)", + }, + { + "@timestamp": "2017-08-04T10:48:20.400Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ZooKeeper", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Client environment:java.compiler=", + "message": "[2017-08-04 10:48:20,400] INFO Client environment:java.compiler= (org.apache.zookeeper.ZooKeeper)", "offset": 270 - }, - { - "@timestamp": "2017-08-04T10:48:20.401Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ZooKeeper", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27", - "message": "[2017-08-04 10:48:20,401] INFO Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27 (org.apache.zookeeper.ZooKeeper)", + }, + { + 
"@timestamp": "2017-08-04T10:48:20.401Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ZooKeeper", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27", + "message": "[2017-08-04 10:48:20,401] INFO Initiating client connection, connectString=localhost:2181 sessionTimeout=6000 watcher=org.I0Itec.zkclient.ZkClient@5ffead27 (org.apache.zookeeper.ZooKeeper)", "offset": 372 - }, - { - "@timestamp": "2017-08-04T10:48:20.413Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.I0Itec.zkclient.ZkClient", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Waiting for keeper state SyncConnected", - "message": "[2017-08-04 10:48:20,413] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient)", + }, + { + "@timestamp": "2017-08-04T10:48:20.413Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.I0Itec.zkclient.ZkClient", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Waiting for keeper state SyncConnected", + "message": "[2017-08-04 10:48:20,413] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient)", "offset": 561 - }, - { - "@timestamp": "2017-08-04T10:48:20.415Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ClientCnxn", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. 
Will not attempt to authenticate using SASL (unknown error)", - "message": "[2017-08-04 10:48:20,415] INFO Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn)", + }, + { + "@timestamp": "2017-08-04T10:48:20.415Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ClientCnxn", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. Will not attempt to authenticate using SASL (unknown error)", + "message": "[2017-08-04 10:48:20,415] INFO Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn)", "offset": 662 - }, - { - "@timestamp": "2017-08-04T10:48:20.420Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ClientCnxn", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session", - "message": "[2017-08-04 10:48:20,420] INFO Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session (org.apache.zookeeper.ClientCnxn)", + }, + { + "@timestamp": "2017-08-04T10:48:20.420Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ClientCnxn", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session", + "message": "[2017-08-04 10:48:20,420] INFO Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session (org.apache.zookeeper.ClientCnxn)", "offset": 855 - }, - { - "@timestamp": 
"2017-08-04T10:48:20.457Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.apache.zookeeper.ClientCnxn", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000", - "message": "[2017-08-04 10:48:20,457] INFO Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000 (org.apache.zookeeper.ClientCnxn)", + }, + { + "@timestamp": "2017-08-04T10:48:20.457Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.apache.zookeeper.ClientCnxn", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000", + "message": "[2017-08-04 10:48:20,457] INFO Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x15dabf8d4140000, negotiated timeout = 6000 (org.apache.zookeeper.ClientCnxn)", "offset": 1004 - }, - { - "@timestamp": "2017-08-04T10:48:20.458Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "org.I0Itec.zkclient.ZkClient", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "zookeeper state changed (SyncConnected)", - "message": "[2017-08-04 10:48:20,458] INFO zookeeper state changed (SyncConnected) (org.I0Itec.zkclient.ZkClient)", + }, + { + "@timestamp": "2017-08-04T10:48:20.458Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "org.I0Itec.zkclient.ZkClient", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "zookeeper state changed (SyncConnected)", + "message": "[2017-08-04 
10:48:20,458] INFO zookeeper state changed (SyncConnected) (org.I0Itec.zkclient.ZkClient)", "offset": 1199 - }, - { - "@timestamp": "2017-08-04T10:48:20.748Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.BrokerMetadataCheckpoint", - "kafka.log.component": "unknown", - "kafka.log.level": "WARN", - "kafka.log.message": "No meta.properties file under dir /tmp/kafka-logs/meta.properties", - "message": "[2017-08-04 10:48:20,748] WARN No meta.properties file under dir /tmp/kafka-logs/meta.properties (kafka.server.BrokerMetadataCheckpoint)", + }, + { + "@timestamp": "2017-08-04T10:48:20.748Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.BrokerMetadataCheckpoint", + "kafka.log.component": "unknown", + "kafka.log.level": "WARN", + "kafka.log.message": "No meta.properties file under dir /tmp/kafka-logs/meta.properties", + "message": "[2017-08-04 10:48:20,748] WARN No meta.properties file under dir /tmp/kafka-logs/meta.properties (kafka.server.BrokerMetadataCheckpoint)", "offset": 1301 - }, - { - "@timestamp": "2017-08-04T10:48:20.800Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.ClientQuotaManager$ThrottledRequestReaper", - "kafka.log.component": "ThrottledRequestReaper-Fetch", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:20,800] INFO [ThrottledRequestReaper-Fetch]: Starting (kafka.server.ClientQuotaManager$ThrottledRequestReaper)", + }, + { + "@timestamp": "2017-08-04T10:48:20.800Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.ClientQuotaManager$ThrottledRequestReaper", + "kafka.log.component": "ThrottledRequestReaper-Fetch", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:20,800] INFO 
[ThrottledRequestReaper-Fetch]: Starting (kafka.server.ClientQuotaManager$ThrottledRequestReaper)", "offset": 1438 - }, - { - "@timestamp": "2017-08-04T10:48:20.866Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.log.LogManager", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Log directory '/tmp/kafka-logs' not found, creating it.", - "message": "[2017-08-04 10:48:20,866] INFO Log directory '/tmp/kafka-logs' not found, creating it. (kafka.log.LogManager)", + }, + { + "@timestamp": "2017-08-04T10:48:20.866Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.log.LogManager", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Log directory '/tmp/kafka-logs' not found, creating it.", + "message": "[2017-08-04 10:48:20,866] INFO Log directory '/tmp/kafka-logs' not found, creating it. (kafka.log.LogManager)", "offset": 1567 - }, - { - "@timestamp": "2017-08-04T10:48:20.873Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.log.LogManager", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Loading logs.", - "message": "[2017-08-04 10:48:20,873] INFO Loading logs. (kafka.log.LogManager)", + }, + { + "@timestamp": "2017-08-04T10:48:20.873Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.log.LogManager", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Loading logs.", + "message": "[2017-08-04 10:48:20,873] INFO Loading logs. 
(kafka.log.LogManager)", "offset": 1677 - }, - { - "@timestamp": "2017-08-04T10:48:21.062Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper", - "kafka.log.component": "ExpirationReaper-0-Heartbeat", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:21,062] INFO [ExpirationReaper-0-Heartbeat]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)", + }, + { + "@timestamp": "2017-08-04T10:48:21.062Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper", + "kafka.log.component": "ExpirationReaper-0-Heartbeat", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:21,062] INFO [ExpirationReaper-0-Heartbeat]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)", "offset": 1745 - }, - { - "@timestamp": "2017-08-04T10:48:21.063Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.utils.ZKCheckedEphemeral", - "kafka.log.component": "unknown", - "kafka.log.level": "INFO", - "kafka.log.message": "Result of znode creation is: OK", - "message": "[2017-08-04 10:48:21,063] INFO Result of znode creation is: OK (kafka.utils.ZKCheckedEphemeral)", + }, + { + "@timestamp": "2017-08-04T10:48:21.063Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.utils.ZKCheckedEphemeral", + "kafka.log.component": "unknown", + "kafka.log.level": "INFO", + "kafka.log.message": "Result of znode creation is: OK", + "message": "[2017-08-04 10:48:21,063] INFO Result of znode creation is: OK (kafka.utils.ZKCheckedEphemeral)", "offset": 1881 - }, - { - "@timestamp": "2017-08-04T10:48:21.095Z", - "fileset.module": "kafka", - "fileset.name": "log", - 
"input.type": "log", - "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", - "kafka.log.component": "Group Metadata Manager on Broker 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Removed 0 expired offsets in 1 milliseconds.", - "message": "[2017-08-04 10:48:21,095] INFO [Group Metadata Manager on Broker 0]: Removed 0 expired offsets in 1 milliseconds. (kafka.coordinator.group.GroupMetadataManager)", + }, + { + "@timestamp": "2017-08-04T10:48:21.095Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.group.GroupMetadataManager", + "kafka.log.component": "Group Metadata Manager on Broker 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Removed 0 expired offsets in 1 milliseconds.", + "message": "[2017-08-04 10:48:21,095] INFO [Group Metadata Manager on Broker 0]: Removed 0 expired offsets in 1 milliseconds. (kafka.coordinator.group.GroupMetadataManager)", "offset": 1977 - }, - { - "@timestamp": "2017-08-04T10:48:21.127Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.coordinator.transaction.ProducerIdManager", - "kafka.log.component": "ProducerId Manager 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Acquired new producerId block (brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1", - "message": "[2017-08-04 10:48:21,127] INFO [ProducerId Manager 0]: Acquired new producerId block (brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1 (kafka.coordinator.transaction.ProducerIdManager)", + }, + { + "@timestamp": "2017-08-04T10:48:21.127Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.transaction.ProducerIdManager", + "kafka.log.component": "ProducerId Manager 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Acquired new producerId block 
(brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1", + "message": "[2017-08-04 10:48:21,127] INFO [ProducerId Manager 0]: Acquired new producerId block (brokerId:0,blockStartProducerId:0,blockEndProducerId:999) by writing to Zk with path version 1 (kafka.coordinator.transaction.ProducerIdManager)", "offset": 2138 - }, - { - "@timestamp": "2017-08-04T10:48:21.162Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.coordinator.transaction.TransactionCoordinator", - "kafka.log.component": "Transaction Coordinator 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting up.", - "message": "[2017-08-04 10:48:21,162] INFO [Transaction Coordinator 0]: Starting up. (kafka.coordinator.transaction.TransactionCoordinator)", + }, + { + "@timestamp": "2017-08-04T10:48:21.162Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.transaction.TransactionCoordinator", + "kafka.log.component": "Transaction Coordinator 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting up.", + "message": "[2017-08-04 10:48:21,162] INFO [Transaction Coordinator 0]: Starting up. 
(kafka.coordinator.transaction.TransactionCoordinator)", "offset": 2369 - }, - { - "@timestamp": "2017-08-04T10:48:21.167Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "kafka.coordinator.transaction.TransactionMarkerChannelManager", - "kafka.log.component": "Transaction Marker Channel Manager 0", - "kafka.log.level": "INFO", - "kafka.log.message": "Starting", - "message": "[2017-08-04 10:48:21,167] INFO [Transaction Marker Channel Manager 0]: Starting (kafka.coordinator.transaction.TransactionMarkerChannelManager)", + }, + { + "@timestamp": "2017-08-04T10:48:21.167Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "kafka.coordinator.transaction.TransactionMarkerChannelManager", + "kafka.log.component": "Transaction Marker Channel Manager 0", + "kafka.log.level": "INFO", + "kafka.log.message": "Starting", + "message": "[2017-08-04 10:48:21,167] INFO [Transaction Marker Channel Manager 0]: Starting (kafka.coordinator.transaction.TransactionMarkerChannelManager)", "offset": 2497 } -] +] \ No newline at end of file diff --git a/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json b/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json index f87d9378c571..152d490a4664 100644 --- a/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json +++ b/filebeat/module/kafka/log/test/state-change-1.1.0.log-expected.json 
@@ -1,14 +1,14 @@ [ { - "@timestamp": "2018-07-16T10:17:06.489Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "state.change.logger", - "kafka.log.component": "Broker id=30", - "kafka.log.level": "TRACE", - "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8", - "message": "[2018-07-16 10:17:06,489] TRACE [Broker id=30] Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8 (state.change.logger)", + "@timestamp": "2018-07-16T10:17:06.489Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "state.change.logger", + "kafka.log.component": "Broker id=30", + "kafka.log.level": "TRACE", + "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8", + "message": "[2018-07-16 10:17:06,489] TRACE [Broker id=30] Cached leader info PartitionState(controllerEpoch=25, leader=-1, leaderEpoch=15, isr=[10], zkVersion=15, replicas=[10], offlineReplicas=[10]) for partition __consumer_offsets-16 in response to UpdateMetadata request sent by controller 20 epoch 25 with correlation id 8 (state.change.logger)", "offset": 0 } -] +] \ No newline at end of file 
diff --git a/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json b/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json
index 18311a4dd206..beb08aef3cc5 100644
--- a/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json
+++ b/filebeat/module/kafka/log/test/state-change-2.0.0.log-expected.json
@@ -1,17 +1,17 @@ [ { - "@timestamp": "2018-10-31T15:09:30.451Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "state.change.logger", - "kafka.log.component": "Broker id=20", - "kafka.log.level": "TRACE", - "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146", + "@timestamp": "2018-10-31T15:09:30.451Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "state.change.logger", + "kafka.log.component": "Broker id=20", + "kafka.log.level": "TRACE", + "kafka.log.message": "Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146", "log.flags": [ "multiline" - ], - "message": "[2018-10-31 15:09:30,451] TRACE [Broker id=20] Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146 (state.change.logger)\n", + ], + "message": "[2018-10-31 15:09:30,451] TRACE [Broker id=20] Cached leader info PartitionState(controllerEpoch=5, leader=20, leaderEpoch=0, isr=[20], zkVersion=0, replicas=[20], offlineReplicas=[]) for partition foo-0 in response to UpdateMetadata request sent by controller 10 epoch 5 with correlation id 146 (state.change.logger)\n", "offset": 0 } -] +] \ No newline at end of file diff --git a/filebeat/module/kafka/log/test/state-change.log-expected.json b/filebeat/module/kafka/log/test/state-change.log-expected.json index b81ce0c62d85..ae61c0ac613d 100644 
--- a/filebeat/module/kafka/log/test/state-change.log-expected.json +++ b/filebeat/module/kafka/log/test/state-change.log-expected.json @@ -1,14 +1,14 @@ [ { - "@timestamp": "2017-08-04T10:48:21.428Z", - "fileset.module": "kafka", - "fileset.name": "log", - "input.type": "log", - "kafka.log.class": "state.change.logger", - "kafka.log.component": "unknown", - "kafka.log.level": "TRACE", - "kafka.log.message": "Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null)", - "message": "[2017-08-04 10:48:21,428] TRACE Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null) (state.change.logger)", + "@timestamp": "2017-08-04T10:48:21.428Z", + "fileset.module": "kafka", + "fileset.name": "log", + "input.type": "log", + "kafka.log.class": "state.change.logger", + "kafka.log.component": "unknown", + "kafka.log.level": "TRACE", + "kafka.log.message": "Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null)", + "message": "[2017-08-04 10:48:21,428] TRACE Controller 0 epoch 1 received response {error_code=0} for a request sent to broker baldur:9092 (id: 0 rack: null) (state.change.logger)", "offset": 0 } -] +] \ No newline at end of file diff --git a/filebeat/module/kibana/log/test/test.log-expected.json b/filebeat/module/kibana/log/test/test.log-expected.json index 82238373a4c0..f4c9f3c9d203 100644 --- a/filebeat/module/kibana/log/test/test.log-expected.json +++ b/filebeat/module/kibana/log/test/test.log-expected.json 
@@ -1,72 +1,72 @@ [ { - "@timestamp": "2018-05-09T10:57:55.000Z", - "fileset.module": "kibana", - "fileset.name": "log", - "http.request.method": "get", - "http.response.content_length": 9, - "http.response.elapsed_time": 26, - "http.response.status_code": 304, - "input.type": "log", - "kibana.log.meta.method": "get", - "kibana.log.meta.req.headers.accept": "*/*", - "kibana.log.meta.req.headers.accept-encoding": "gzip, deflate, br", - "kibana.log.meta.req.headers.accept-language": "en-US,en;q=0.9,de;q=0.8", - "kibana.log.meta.req.headers.connection": "keep-alive", - "kibana.log.meta.req.headers.host": "localhost:5601", - "kibana.log.meta.req.headers.if-modified-since": "Thu, 03 May 2018 09:45:28 GMT", - "kibana.log.meta.req.headers.if-none-match": "\"24234c1c81b3948758c1a0be8e5a65386ca94c52\"", - "kibana.log.meta.req.headers.origin": "http://localhost:5601", - "kibana.log.meta.req.headers.referer": "http://localhost:5601/app/kibana", - "kibana.log.meta.req.headers.user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36", - "kibana.log.meta.req.referer": "http://localhost:5601/app/kibana", - "kibana.log.meta.req.remoteAddress": "127.0.0.1", - "kibana.log.meta.req.url": "/ui/fonts/open_sans/open_sans_v15_latin_600.woff2", - "kibana.log.meta.req.userAgent": "127.0.0.1", - "kibana.log.meta.statusCode": 304, - "kibana.log.meta.type": "response", - "kibana.log.tags": [], - "message": "GET /ui/fonts/open_sans/open_sans_v15_latin_600.woff2 304 26ms - 9.0B", - "offset": 0, - "process.pid": 69410, + "@timestamp": "2018-05-09T10:57:55.000Z", + "fileset.module": "kibana", + "fileset.name": "log", + "http.request.method": "get", + "http.response.content_length": 9, + "http.response.elapsed_time": 26, + "http.response.status_code": 304, + "input.type": "log", + "kibana.log.meta.method": "get", + "kibana.log.meta.req.headers.accept": "*/*", + "kibana.log.meta.req.headers.accept-encoding": "gzip, 
deflate, br", + "kibana.log.meta.req.headers.accept-language": "en-US,en;q=0.9,de;q=0.8", + "kibana.log.meta.req.headers.connection": "keep-alive", + "kibana.log.meta.req.headers.host": "localhost:5601", + "kibana.log.meta.req.headers.if-modified-since": "Thu, 03 May 2018 09:45:28 GMT", + "kibana.log.meta.req.headers.if-none-match": "\"24234c1c81b3948758c1a0be8e5a65386ca94c52\"", + "kibana.log.meta.req.headers.origin": "http://localhost:5601", + "kibana.log.meta.req.headers.referer": "http://localhost:5601/app/kibana", + "kibana.log.meta.req.headers.user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36", + "kibana.log.meta.req.referer": "http://localhost:5601/app/kibana", + "kibana.log.meta.req.remoteAddress": "127.0.0.1", + "kibana.log.meta.req.url": "/ui/fonts/open_sans/open_sans_v15_latin_600.woff2", + "kibana.log.meta.req.userAgent": "127.0.0.1", + "kibana.log.meta.statusCode": 304, + "kibana.log.meta.type": "response", + "kibana.log.tags": [], + "message": "GET /ui/fonts/open_sans/open_sans_v15_latin_600.woff2 304 26ms - 9.0B", + "offset": 0, + "process.pid": 69410, "service.name": [ "kibana" ] - }, + }, { - "@timestamp": "2018-05-09T10:59:12.000Z", - "fileset.module": "kibana", - "fileset.name": "log", - "input.type": "log", - "kibana.log.meta.type": "log", + "@timestamp": "2018-05-09T10:59:12.000Z", + "fileset.module": "kibana", + "fileset.name": "log", + "input.type": "log", + "kibana.log.meta.type": "log", "kibana.log.tags": [ - "debug", - "monitoring-ui", + "debug", + "monitoring-ui", "kibana-monitoring" - ], - "message": "Fetching data from kibana_stats collector", - "offset": 920, - "process.pid": 69776, + ], + "message": "Fetching data from kibana_stats collector", + "offset": 920, + "process.pid": 69776, "service.name": [ "kibana" ] - }, + }, { - "@timestamp": "2018-05-09T10:59:12.000Z", - "fileset.module": "kibana", - "fileset.name": "log", - "input.type": "log", - 
"kibana.log.meta.type": "log", + "@timestamp": "2018-05-09T10:59:12.000Z", + "fileset.module": "kibana", + "fileset.name": "log", + "input.type": "log", + "kibana.log.meta.type": "log", "kibana.log.tags": [ - "reporting", - "debug", + "reporting", + "debug", "exportTypes" - ], - "message": "Found exportType at /Users/ruflin/Downloads/6.3/kibana-6.3.0-darwin-x86_64/node_modules/x-pack/plugins/reporting/export_types/csv/server/index.js", - "offset": 1090, - "process.pid": 69776, + ], + "message": "Found exportType at /Users/ruflin/Downloads/6.3/kibana-6.3.0-darwin-x86_64/node_modules/x-pack/plugins/reporting/export_types/csv/server/index.js", + "offset": 1090, + "process.pid": 69776, "service.name": [ "kibana" ] } -] +] \ No newline at end of file diff --git a/filebeat/module/logstash/log/test/logstash-plain.log-expected.json b/filebeat/module/logstash/log/test/logstash-plain.log-expected.json index acf355b38d15..3c8bf917eb0e 100644 --- a/filebeat/module/logstash/log/test/logstash-plain.log-expected.json +++ b/filebeat/module/logstash/log/test/logstash-plain.log-expected.json 
@@ -1,25 +1,25 @@ [ { - "@timestamp": "2017-10-23T14:20:12,046", - "fileset.module": "logstash", - "fileset.name": "log", - "input.type": "log", - "logstash.log.level": "INFO", - "logstash.log.message": "Initializing module {:module_name=>\"fb_apache\", :directory=>\"/usr/share/logstash/modules/fb_apache/configuration\"}", - "logstash.log.module": "logstash.modules.scaffold", + "@timestamp": "2017-10-23T14:20:12,046", + "fileset.module": "logstash", + "fileset.name": "log", + "input.type": "log", + "logstash.log.level": "INFO", + "logstash.log.message": "Initializing module {:module_name=>\"fb_apache\", :directory=>\"/usr/share/logstash/modules/fb_apache/configuration\"}", + "logstash.log.module": "logstash.modules.scaffold", "offset": 0 - }, + }, { - "@timestamp": "2017-11-20T03:55:00,318", - "fileset.module": "logstash", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-11-20T03:55:00,318", + "fileset.module": "logstash", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "logstash.log.level": "INFO", - "logstash.log.message": "(0.058950s) Select Name as [person.name]\n, Address as [person.address]\nfrom people\n", - "logstash.log.module": "logstash.inputs.jdbc ", + ], + "logstash.log.level": "INFO", + "logstash.log.message": "(0.058950s) Select Name as [person.name]\n, Address as [person.address]\nfrom people\n", + "logstash.log.module": "logstash.inputs.jdbc ", "offset": 175 } -] +] \ No newline at end of file diff --git a/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json b/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json index debd784181ed..14de14eec624 100644 --- a/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json +++ b/filebeat/module/logstash/slowlog/test/slowlog-plain.log-expected.json 
@@ -1,18 +1,18 @@ [ { - "@timestamp": "2017-10-30T09:57:58,243", - "fileset.module": "logstash", - "fileset.name": "slowlog", - "input.type": "log", - "logstash.slowlog.event": "\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"", - "logstash.slowlog.level": "WARN", - "logstash.slowlog.message": "event processing time {:plugin_params=>{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}, :took_in_nanos=>3027675106, :took_in_millis=>3027, :event=>\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"}", - "logstash.slowlog.module": "slowlog.logstash.filters.sleep", - "logstash.slowlog.plugin_name": "sleep", - "logstash.slowlog.plugin_params": "{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}", - "logstash.slowlog.plugin_type": "filters", - "logstash.slowlog.took_in_millis": 3027, - "logstash.slowlog.took_in_nanos": 3027675106, + "@timestamp": "2017-10-30T09:57:58,243", + "fileset.module": "logstash", + "fileset.name": "slowlog", + "input.type": "log", + "logstash.slowlog.event": "\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"", + "logstash.slowlog.level": "WARN", + "logstash.slowlog.message": "event processing time {:plugin_params=>{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}, :took_in_nanos=>3027675106, :took_in_millis=>3027, :event=>\"{\\\"@version\\\":\\\"1\\\",\\\"@timestamp\\\":\\\"2017-10-30T13:57:55.130Z\\\",\\\"host\\\":\\\"sashimi\\\",\\\"sequence\\\":0,\\\"message\\\":\\\"Hello world!\\\"}\"}", + "logstash.slowlog.module": "slowlog.logstash.filters.sleep", + 
"logstash.slowlog.plugin_name": "sleep", + "logstash.slowlog.plugin_params": "{\"time\"=>3, \"id\"=>\"e4e12a4e3082615c5427079bf4250dbfa338ebac10f8ea9912d7b98a14f56b8c\"}", + "logstash.slowlog.plugin_type": "filters", + "logstash.slowlog.took_in_millis": 3027, + "logstash.slowlog.took_in_nanos": 3027675106, "offset": 0 } -] +] \ No newline at end of file diff --git a/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json b/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json index 612f5487e3ab..ed97671ea286 100644 --- a/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json +++ b/filebeat/module/mongodb/log/test/mongodb-debian-3.2.11.log-expected.json 
@@ -1,376 +1,376 @@ [ { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "git version: 009580ad490190ba33d1c6253ebd8d91808923e4", - "mongodb.log.severity": "I", + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "git version: 009580ad490190ba33d1c6253ebd8d91808923e4", + "mongodb.log.severity": "I", "offset": 0 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "modules: none", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "modules: none", + "mongodb.log.severity": "I", "offset": 110 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "OpenSSL version: OpenSSL 1.0.2l 25 May 2017", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "OpenSSL version: OpenSSL 1.0.2l 25 May 2017", + "mongodb.log.severity": "I", "offset": 180 - }, - { - "@timestamp": "2018-02-05T12:44:56.677Z", - "fileset.module": "mongodb", - "fileset.name": 
"log", - "input.type": "log", - "mongodb.log.component": "STORAGE", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "wiredtiger_open config: create,cache_size=8G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.677Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "STORAGE", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "wiredtiger_open config: create,cache_size=8G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),", + "mongodb.log.severity": "I", "offset": 281 - }, - { - "@timestamp": "2018-02-05T12:44:56.724Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "FTDC", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.724Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "FTDC", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'", + "mongodb.log.severity": "I", "offset": 621 - }, - { - "@timestamp": "2018-02-05T12:44:56.724Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "HostnameCanonicalizationWorker", - 
"mongodb.log.message": "Starting hostname canonicalization worker", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.724Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "HostnameCanonicalizationWorker", + "mongodb.log.message": "Starting hostname canonicalization worker", + "mongodb.log.severity": "I", "offset": 774 - }, - { - "@timestamp": "2018-02-05T12:44:56.744Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "waiting for connections on port 27017", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.744Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "waiting for connections on port 27017", + "mongodb.log.severity": "I", "offset": 889 - }, - { - "@timestamp": "2018-02-05T12:50:55.170Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn1", - "mongodb.log.message": "end connection 127.0.0.1:55404 (0 connections now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:50:55.170Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn1", + "mongodb.log.message": "end connection 127.0.0.1:55404 (0 connections now open)", + "mongodb.log.severity": "I", "offset": 983 - }, - { - "@timestamp": "2018-02-05T12:50:55.487Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted from 
127.0.0.1:55406 #2 (1 connection now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:50:55.487Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "connection accepted from 127.0.0.1:55406 #2 (1 connection now open)", + "mongodb.log.severity": "I", "offset": 1087 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "now exiting", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "now exiting", + "mongodb.log.severity": "I", "offset": 1211 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "closing listening socket: 7", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "closing listening socket: 7", + "mongodb.log.severity": "I", "offset": 1288 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "removing socket file: /run/mongodb/mongodb-27017.sock", - "mongodb.log.severity": "I", + }, 
+ { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "removing socket file: /run/mongodb/mongodb-27017.sock", + "mongodb.log.severity": "I", "offset": 1381 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: going to flush diaglog...", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "shutdown: going to flush diaglog...", + "mongodb.log.severity": "I", "offset": 1500 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: going to close sockets...", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "shutdown: going to close sockets...", + "mongodb.log.severity": "I", "offset": 1601 - }, - { - "@timestamp": "2018-02-05T13:49:45.688Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "STORAGE", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: removing fs lock...", - "mongodb.log.severity": "I", + }, + { + "@timestamp": 
"2018-02-05T13:49:45.688Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "STORAGE", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "shutdown: removing fs lock...", + "mongodb.log.severity": "I", "offset": 1702 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "db version v3.2.11", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "db version v3.2.11", + "mongodb.log.severity": "I", "offset": 1797 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "build environment:", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "build environment:", + "mongodb.log.severity": "I", "offset": 1872 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": " distarch: x86_64", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + 
"mongodb.log.message": " distarch: x86_64", + "mongodb.log.severity": "I", "offset": 1947 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "options: { config: \"/etc/mongodb.conf\", net: { bindIp: \"127.0.0.1\", unixDomainSocket: { pathPrefix: \"/run/mongodb\" } }, storage: { dbPath: \"/var/lib/mongodb\", journal: { enabled: true } }, systemLog: { destination: \"file\", logAppend: true, path: \"/var/log/mongodb/mongodb.log\" } }", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "options: { config: \"/etc/mongodb.conf\", net: { bindIp: \"127.0.0.1\", unixDomainSocket: { pathPrefix: \"/run/mongodb\" } }, storage: { dbPath: \"/var/lib/mongodb\", journal: { enabled: true } }, systemLog: { destination: \"file\", logAppend: true, path: \"/var/log/mongodb/mongodb.log\" } }", + "mongodb.log.severity": "I", "offset": 2024 - }, - { - "@timestamp": "2018-02-05T12:50:55.170Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted from 127.0.0.1:55404 #1 (1 connection now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:50:55.170Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "connection accepted from 127.0.0.1:55404 #1 (1 connection now open)", + "mongodb.log.severity": "I", "offset": 2361 - }, - { - "@timestamp": "2018-02-05T12:50:56.180Z", - "fileset.module": 
"mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn3", - "mongodb.log.message": "end connection 127.0.0.1:55414 (0 connections now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:50:56.180Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn3", + "mongodb.log.message": "end connection 127.0.0.1:55414 (0 connections now open)", + "mongodb.log.severity": "I", "offset": 2485 - }, - { - "@timestamp": "2018-02-05T13:15:42.095Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn4", - "mongodb.log.message": "end connection 127.0.0.1:58336 (0 connections now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:15:42.095Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn4", + "mongodb.log.message": "end connection 127.0.0.1:58336 (0 connections now open)", + "mongodb.log.severity": "I", "offset": 2589 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "shutdown: going to close listening sockets...", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "shutdown: going to close listening sockets...", + "mongodb.log.severity": "I", "offset": 2693 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - 
"fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "STORAGE", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "WiredTigerKVEngine shutting down", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "STORAGE", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "WiredTigerKVEngine shutting down", + "mongodb.log.severity": "I", "offset": 2804 - }, - { - "@timestamp": "2018-02-05T13:49:45.688Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "dbexit: rc: 0", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.688Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "dbexit: rc: 0", + "mongodb.log.severity": "I", "offset": 2902 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "MongoDB starting : pid=29803 port=27017 dbpath=/var/lib/mongodb 64-bit host=sleipnir", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "MongoDB starting : pid=29803 port=27017 dbpath=/var/lib/mongodb 64-bit host=sleipnir", + "mongodb.log.severity": "I", "offset": 2982 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - 
"input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "allocator: tcmalloc", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "allocator: tcmalloc", + "mongodb.log.severity": "I", "offset": 3123 - }, - { - "@timestamp": "2018-02-05T12:44:56.657Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": " target_arch: x86_64", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:44:56.657Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": " target_arch: x86_64", + "mongodb.log.severity": "I", "offset": 3199 - }, - { - "@timestamp": "2018-02-05T12:50:55.487Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "conn2", - "mongodb.log.message": "end connection 127.0.0.1:55406 (0 connections now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:50:55.487Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "conn2", + "mongodb.log.message": "end connection 127.0.0.1:55406 (0 connections now open)", + "mongodb.log.severity": "I", "offset": 3279 - }, - { - "@timestamp": "2018-02-05T12:50:56.180Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted 
from 127.0.0.1:55414 #3 (1 connection now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T12:50:56.180Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "connection accepted from 127.0.0.1:55414 #3 (1 connection now open)", + "mongodb.log.severity": "I", "offset": 3383 - }, - { - "@timestamp": "2018-02-05T13:11:41.401Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "initandlisten", - "mongodb.log.message": "connection accepted from 127.0.0.1:58336 #4 (1 connection now open)", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:11:41.401Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "initandlisten", + "mongodb.log.message": "connection accepted from 127.0.0.1:58336 #4 (1 connection now open)", + "mongodb.log.severity": "I", "offset": 3507 - }, - { - "@timestamp": "2018-02-05T13:49:45.605Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "CONTROL", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "got signal 15 (Terminated), will terminate after current cmd ends", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.605Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "CONTROL", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "got signal 15 (Terminated), will terminate after current cmd ends", + "mongodb.log.severity": "I", "offset": 3631 - }, - { - "@timestamp": "2018-02-05T13:49:45.605Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": 
"FTDC", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "Shutting down full-time diagnostic data capture", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.605Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "FTDC", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "Shutting down full-time diagnostic data capture", + "mongodb.log.severity": "I", "offset": 3762 - }, - { - "@timestamp": "2018-02-05T13:49:45.606Z", - "fileset.module": "mongodb", - "fileset.name": "log", - "input.type": "log", - "mongodb.log.component": "NETWORK", - "mongodb.log.context": "signalProcessingThread", - "mongodb.log.message": "closing listening socket: 6", - "mongodb.log.severity": "I", + }, + { + "@timestamp": "2018-02-05T13:49:45.606Z", + "fileset.module": "mongodb", + "fileset.name": "log", + "input.type": "log", + "mongodb.log.component": "NETWORK", + "mongodb.log.context": "signalProcessingThread", + "mongodb.log.message": "closing listening socket: 6", + "mongodb.log.severity": "I", "offset": 3875 } -] +] \ No newline at end of file diff --git a/filebeat/module/nginx/access/test/test.log-expected.json b/filebeat/module/nginx/access/test/test.log-expected.json index 2731df9b0864..9796c5e317da 100644 --- a/filebeat/module/nginx/access/test/test.log-expected.json +++ b/filebeat/module/nginx/access/test/test.log-expected.json 
@@ -1,211 +1,208 @@ [ { - "@timestamp": "2016-12-07T10:05:07.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "571", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "10.0.0.2", + "@timestamp": "2016-12-07T10:05:07.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "571", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "10.0.0.2", "nginx.access.remote_ip_list": [ - "10.0.0.2", - "10.0.0.1", + "10.0.0.2", + "10.0.0.1", "127.0.0.1" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/ocelot", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "49", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox", - "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", - "nginx.access.user_agent.os": "Mac OS X 10.12", - "nginx.access.user_agent.os_major": "10", - "nginx.access.user_agent.os_minor": "12", - "nginx.access.user_agent.os_name": "Mac OS X", - "nginx.access.user_name": "-", + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/ocelot", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.major": "49", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox", + "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", + "nginx.access.user_agent.os": "Mac OS X 10.12", + "nginx.access.user_agent.os_major": "10", + "nginx.access.user_agent.os_minor": "12", + "nginx.access.user_agent.os_name": "Mac OS X", + "nginx.access.user_name": "-", "offset": 0 - }, + }, { - "@timestamp": "2017-05-29T19:02:48.000Z", - 
"fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "612", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "172.17.0.1", + "@timestamp": "2017-05-29T19:02:48.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "612", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "172.17.0.1", "nginx.access.remote_ip_list": [ "172.17.0.1" - ], - "nginx.access.response_code": "404", - "nginx.access.url": "/stringpatch", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "15", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox Alpha", - "nginx.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", - "nginx.access.user_agent.os": "Windows 7", - "nginx.access.user_agent.os_name": "Windows 7", - "nginx.access.user_agent.patch": "a2", - "nginx.access.user_name": "-", + ], + "nginx.access.response_code": "404", + "nginx.access.url": "/stringpatch", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.major": "15", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox Alpha", + "nginx.access.user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", + "nginx.access.user_agent.os": "Windows 7", + "nginx.access.user_agent.os_name": "Windows 7", + "nginx.access.user_agent.patch": "a2", + "nginx.access.user_name": "-", "offset": 183 - }, + }, { - "@timestamp": "2016-12-07T10:05:07.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "571", - "nginx.access.geoip.city_name": "Berlin", - "nginx.access.geoip.continent_name": "Europe", - 
"nginx.access.geoip.country_iso_code": "DE", - "nginx.access.geoip.location.lat": 52.4908, - "nginx.access.geoip.location.lon": 13.3275, - "nginx.access.geoip.region_iso_code": "DE-BE", - "nginx.access.geoip.region_name": "Land Berlin", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "85.181.35.98", + "@timestamp": "2016-12-07T10:05:07.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "571", + "nginx.access.geoip.city_name": "Berlin", + "nginx.access.geoip.continent_name": "Europe", + "nginx.access.geoip.country_iso_code": "DE", + "nginx.access.geoip.location.lat": 52.5167, + "nginx.access.geoip.location.lon": 13.4, + "nginx.access.geoip.region_name": "Land Berlin", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "85.181.35.98", "nginx.access.remote_ip_list": [ - "10.0.0.2", - "10.0.0.1", + "10.0.0.2", + "10.0.0.1", "85.181.35.98" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/ocelot", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "49", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox", - "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", - "nginx.access.user_agent.os": "Mac OS X 10.12", - "nginx.access.user_agent.os_major": "10", - "nginx.access.user_agent.os_minor": "12", - "nginx.access.user_agent.os_name": "Mac OS X", - "nginx.access.user_name": "-", + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/ocelot", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.major": "49", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox", + "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 
10.12; rv:49.0) Gecko/20100101 Firefox/49.0", + "nginx.access.user_agent.os": "Mac OS X 10.12", + "nginx.access.user_agent.os_major": "10", + "nginx.access.user_agent.os_minor": "12", + "nginx.access.user_agent.os_name": "Mac OS X", + "nginx.access.user_name": "-", "offset": 341 - }, + }, { - "@timestamp": "2016-12-07T10:05:07.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "571", - "nginx.access.geoip.city_name": "Berlin", - "nginx.access.geoip.continent_name": "Europe", - "nginx.access.geoip.country_iso_code": "DE", - "nginx.access.geoip.location.lat": 52.4908, - "nginx.access.geoip.location.lon": 13.3275, - "nginx.access.geoip.region_iso_code": "DE-BE", - "nginx.access.geoip.region_name": "Land Berlin", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "85.181.35.98", + "@timestamp": "2016-12-07T10:05:07.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "571", + "nginx.access.geoip.city_name": "Berlin", + "nginx.access.geoip.continent_name": "Europe", + "nginx.access.geoip.country_iso_code": "DE", + "nginx.access.geoip.location.lat": 52.5167, + "nginx.access.geoip.location.lon": 13.4, + "nginx.access.geoip.region_name": "Land Berlin", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "85.181.35.98", "nginx.access.remote_ip_list": [ "85.181.35.98" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/ocelot", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.major": "49", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Firefox", - "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", - "nginx.access.user_agent.os": "Mac OS X 10.12", - 
"nginx.access.user_agent.os_major": "10", - "nginx.access.user_agent.os_minor": "12", - "nginx.access.user_agent.os_name": "Mac OS X", - "nginx.access.user_name": "-", + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/ocelot", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.major": "49", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Firefox", + "nginx.access.user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", + "nginx.access.user_agent.os": "Mac OS X 10.12", + "nginx.access.user_agent.os_major": "10", + "nginx.access.user_agent.os_minor": "12", + "nginx.access.user_agent.os_name": "Mac OS X", + "nginx.access.user_name": "-", "offset": 527 - }, + }, { - "@timestamp": "2016-01-22T13:18:29.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "25507", - "nginx.access.geoip.city_name": "Springfield", - "nginx.access.geoip.continent_name": "North America", - "nginx.access.geoip.country_iso_code": "US", - "nginx.access.geoip.location.lat": 39.772, - "nginx.access.geoip.location.lon": -89.6859, - "nginx.access.geoip.region_iso_code": "US-IL", - "nginx.access.geoip.region_name": "Illinois", - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "199.96.1.1", + "@timestamp": "2016-01-22T13:18:29.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "25507", + "nginx.access.geoip.city_name": "Springfield", + "nginx.access.geoip.continent_name": "North America", + "nginx.access.geoip.country_iso_code": "US", + "nginx.access.geoip.location.lat": 39.772, + "nginx.access.geoip.location.lon": -89.6859, + "nginx.access.geoip.region_name": "Illinois", + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", 
+ "nginx.access.remote_ip": "199.96.1.1", "nginx.access.remote_ip_list": [ - "10.5.102.222", - "199.96.1.1", - "204.246.1.1", + "10.5.102.222", + "199.96.1.1", + "204.246.1.1", "10.2.1.185" - ], - "nginx.access.response_code": "200", - "nginx.access.url": "/assets/xxxx?q=100", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.name": "Other", - "nginx.access.user_agent.original": "Amazon CloudFront", - "nginx.access.user_agent.os": "Other", - "nginx.access.user_agent.os_name": "Other", - "nginx.access.user_name": "-", + ], + "nginx.access.response_code": "200", + "nginx.access.url": "/assets/xxxx?q=100", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.name": "Other", + "nginx.access.user_agent.original": "Amazon CloudFront", + "nginx.access.user_agent.os": "Other", + "nginx.access.user_agent.os_name": "Other", + "nginx.access.user_name": "-", "offset": 693 - }, + }, { - "@timestamp": "2016-12-30T06:47:09.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "8571", - "nginx.access.geoip.continent_name": "Europe", - "nginx.access.geoip.country_iso_code": "PT", - "nginx.access.geoip.location.lat": 39.5, - "nginx.access.geoip.location.lon": -8.0, - "nginx.access.http_version": "1.1", - "nginx.access.method": "GET", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", + "@timestamp": "2016-12-30T06:47:09.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "8571", + "nginx.access.geoip.continent_name": "Europe", + "nginx.access.geoip.country_iso_code": "PT", + "nginx.access.geoip.location.lat": 39.5, + "nginx.access.geoip.location.lon": -8.0, + "nginx.access.http_version": "1.1", + "nginx.access.method": "GET", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", "nginx.access.remote_ip_list": [ - 
"2a03:0000:10ff:f00f:0000:0000:0:8000", - "10.225.192.17", + "2a03:0000:10ff:f00f:0000:0000:0:8000", + "10.225.192.17", "10.2.2.121" - ], - "nginx.access.response_code": "404", - "nginx.access.url": "/test.html", - "nginx.access.user_agent.device": "Spider", - "nginx.access.user_agent.major": "1", - "nginx.access.user_agent.minor": "0", - "nginx.access.user_agent.name": "Facebot", - "nginx.access.user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)", - "nginx.access.user_agent.os": "Other", - "nginx.access.user_agent.os_name": "Other", - "nginx.access.user_name": "-", + ], + "nginx.access.response_code": "404", + "nginx.access.url": "/test.html", + "nginx.access.user_agent.device": "Spider", + "nginx.access.user_agent.major": "1", + "nginx.access.user_agent.minor": "0", + "nginx.access.user_agent.name": "Facebot", + "nginx.access.user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)", + "nginx.access.user_agent.os": "Other", + "nginx.access.user_agent.os_name": "Other", + "nginx.access.user_name": "-", "offset": 845 - }, + }, { - "@timestamp": "2018-04-12T07:48:40.000Z", - "fileset.module": "nginx", - "fileset.name": "access", - "input.type": "log", - "nginx.access.body_sent.bytes": "0", - "nginx.access.referrer": "-", - "nginx.access.remote_ip": "127.0.0.1", + "@timestamp": "2018-04-12T07:48:40.000Z", + "fileset.module": "nginx", + "fileset.name": "access", + "input.type": "log", + "nginx.access.body_sent.bytes": "0", + "nginx.access.referrer": "-", + "nginx.access.remote_ip": "127.0.0.1", "nginx.access.remote_ip_list": [ "127.0.0.1" - ], - "nginx.access.response_code": "400", - "nginx.access.user_agent.device": "Other", - "nginx.access.user_agent.name": "Other", - "nginx.access.user_agent.original": "-", - "nginx.access.user_agent.os": "Other", - "nginx.access.user_agent.os_name": "Other", - "nginx.access.user_name": 
"-", + ], + "nginx.access.response_code": "400", + "nginx.access.user_agent.device": "Other", + "nginx.access.user_agent.name": "Other", + "nginx.access.user_agent.original": "-", + "nginx.access.user_agent.os": "Other", + "nginx.access.user_agent.os_name": "Other", + "nginx.access.user_name": "-", "offset": 1085 } -] +] \ No newline at end of file diff --git a/filebeat/module/nginx/error/test/error.log-expected.json b/filebeat/module/nginx/error/test/error.log-expected.json index 73dfd9ef8e3f..35e829158c6f 100644 --- a/filebeat/module/nginx/error/test/error.log-expected.json +++ b/filebeat/module/nginx/error/test/error.log-expected.json 
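Review bot: The regenerated nginx access expectations drop `"nginx.access.geoip.region_iso_code"` from all three geoip-enriched events (`"DE-BE"` twice, `"US-IL"` once) and change the Berlin coordinates from `52.4908`/`13.3275` to `52.5167`/`13.4`, which nothing in the commit description accounts for. This looks like the fixture was regenerated against a different GeoIP database or ingest-pipeline version (inferred from the diff, not shown in it). If so, the test no longer asserts that the region code is populated for `remote_ip`, and a later regression in that enrichment would pass unnoticed. I would regenerate in the pinned test environment, or keep the original values such as `"nginx.access.geoip.region_iso_code": "DE-BE",` and the old lat/lon. Every other line pair in this hunk appears to differ only in whitespace, and the file loses its final newline (`\ No newline at end of file`); the same churn shows in the mongodb, nginx error and osquery fixtures and is better left out of this change.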
@@ -1,26 +1,26 @@ [ { - "@timestamp": "2016-10-25T14:49:34.000Z", - "fileset.module": "nginx", - "fileset.name": "error", - "input.type": "log", - "nginx.error.connection_id": "1", - "nginx.error.level": "error", - "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/favicon.ico\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"localhost:8080\", referrer: \"http://localhost:8080/\"", - "nginx.error.pid": "54053", - "nginx.error.tid": "0", + "@timestamp": "2016-10-25T14:49:34.000Z", + "fileset.module": "nginx", + "fileset.name": "error", + "input.type": "log", + "nginx.error.connection_id": "1", + "nginx.error.level": "error", + "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/favicon.ico\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"localhost:8080\", referrer: \"http://localhost:8080/\"", + "nginx.error.pid": "54053", + "nginx.error.tid": "0", "offset": 0 - }, + }, { - "@timestamp": "2016-10-25T14:50:44.000Z", - "fileset.module": "nginx", - "fileset.name": "error", - "input.type": "log", - "nginx.error.connection_id": "3", - "nginx.error.level": "error", - "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /adsasd HTTP/1.1\", host: \"localhost:8080\"", - "nginx.error.pid": "54053", - "nginx.error.tid": "0", + "@timestamp": "2016-10-25T14:50:44.000Z", + "fileset.module": "nginx", + "fileset.name": "error", + "input.type": "log", + "nginx.error.connection_id": "3", + "nginx.error.level": "error", + "nginx.error.message": "open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /adsasd HTTP/1.1\", host: \"localhost:8080\"", + "nginx.error.pid": "54053", + 
"nginx.error.tid": "0", "offset": 273 } -] +] \ No newline at end of file diff --git a/filebeat/module/osquery/result/test/test.log-expected.json b/filebeat/module/osquery/result/test/test.log-expected.json index c6892cc64ce3..41504497d038 100644 --- a/filebeat/module/osquery/result/test/test.log-expected.json +++ b/filebeat/module/osquery/result/test/test.log-expected.json 
@@ -1,29 +1,29 @@ [ { - "@timestamp": "2017-12-28T14:40:08.000Z", - "fileset.module": "osquery", - "fileset.name": "result", - "input.type": "log", - "offset": 0, - "osquery.result.action": "removed", - "osquery.result.calendar_time": "Thu Dec 28 14:40:08 2017 UTC", - "osquery.result.columns.blocks": "122061322", - "osquery.result.columns.blocks_available": "75966945", - "osquery.result.columns.blocks_free": "121274885", - "osquery.result.columns.blocks_size": "4096", - "osquery.result.columns.device": "/dev/disk1s4", - "osquery.result.columns.device_alias": "/dev/disk1s4", - "osquery.result.columns.flags": "345018372", - "osquery.result.columns.inodes": "9223372036854775807", - "osquery.result.columns.inodes_free": "9223372036854775804", - "osquery.result.columns.path": "/private/var/vm", - "osquery.result.columns.type": "apfs", - "osquery.result.counter": "1", - "osquery.result.decorations.host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", - "osquery.result.decorations.username": "tsg", - "osquery.result.epoch": "0", - "osquery.result.host_identifier": "192-168-0-4.rdsnet.ro", - "osquery.result.name": "pack_it-compliance_mounts", + "@timestamp": "2017-12-28T14:40:08.000Z", + "fileset.module": "osquery", + "fileset.name": "result", + "input.type": "log", + "offset": 0, + "osquery.result.action": "removed", + "osquery.result.calendar_time": "Thu Dec 28 14:40:08 2017 UTC", + "osquery.result.columns.blocks": "122061322", + "osquery.result.columns.blocks_available": "75966945", + "osquery.result.columns.blocks_free": "121274885", + "osquery.result.columns.blocks_size": "4096", + "osquery.result.columns.device": "/dev/disk1s4", + "osquery.result.columns.device_alias": "/dev/disk1s4", + "osquery.result.columns.flags": "345018372", + "osquery.result.columns.inodes": "9223372036854775807", + "osquery.result.columns.inodes_free": "9223372036854775804", + "osquery.result.columns.path": "/private/var/vm", + "osquery.result.columns.type": "apfs", + "osquery.result.counter": 
"1", + "osquery.result.decorations.host_uuid": "4AB2906D-5516-5794-AF54-86D1D7F533F3", + "osquery.result.decorations.username": "tsg", + "osquery.result.epoch": "0", + "osquery.result.host_identifier": "192-168-0-4.rdsnet.ro", + "osquery.result.name": "pack_it-compliance_mounts", "osquery.result.unix_time": "1514472008" } -] +] \ No newline at end of file diff --git a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json index 2ba05c6cf45b..5499d6ca20fd 100644 --- a/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json +++ b/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json 
@@ -1,290 +1,290 @@ [ { - "@timestamp": "2017-07-31T13:36:42.585Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.585 CEST [4974] LOG: database system was shut down at 2017-06-17 16:58:04 CEST", - "offset": 0, - "postgresql.log.level": "LOG", - "postgresql.log.message": "database system was shut down at 2017-06-17 16:58:04 CEST", - "postgresql.log.thread_id": "4974", - "postgresql.log.timestamp": "2017-07-31 13:36:42.585", + "@timestamp": "2017-07-31T13:36:42.585Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.585 CEST [4974] LOG: database system was shut down at 2017-06-17 16:58:04 CEST", + "offset": 0, + "postgresql.log.level": "LOG", + "postgresql.log.message": "database system was shut down at 2017-06-17 16:58:04 CEST", + "postgresql.log.thread_id": "4974", + "postgresql.log.timestamp": "2017-07-31 13:36:42.585", "postgresql.log.timezone": "CEST" - }, + }, { - "@timestamp": "2017-07-31T13:36:42.605Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.605 CEST [4974] LOG: MultiXact member wraparound protections are now enabled", - "offset": 100, - "postgresql.log.level": "LOG", - "postgresql.log.message": "MultiXact member wraparound protections are now enabled", - "postgresql.log.thread_id": "4974", - "postgresql.log.timestamp": "2017-07-31 13:36:42.605", + "@timestamp": "2017-07-31T13:36:42.605Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.605 CEST [4974] LOG: MultiXact member wraparound protections are now enabled", + "offset": 100, + "postgresql.log.level": "LOG", + "postgresql.log.message": "MultiXact member wraparound protections are now enabled", + "postgresql.log.thread_id": "4974", + "postgresql.log.timestamp": "2017-07-31 13:36:42.605", "postgresql.log.timezone": "CEST" - }, + 
}, { - "@timestamp": "2017-07-31T13:36:42.615Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.615 CEST [4978] LOG: autovacuum launcher started", - "offset": 198, - "postgresql.log.level": "LOG", - "postgresql.log.message": "autovacuum launcher started", - "postgresql.log.thread_id": "4978", - "postgresql.log.timestamp": "2017-07-31 13:36:42.615", + "@timestamp": "2017-07-31T13:36:42.615Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.615 CEST [4978] LOG: autovacuum launcher started", + "offset": 198, + "postgresql.log.level": "LOG", + "postgresql.log.message": "autovacuum launcher started", + "postgresql.log.thread_id": "4978", + "postgresql.log.timestamp": "2017-07-31 13:36:42.615", "postgresql.log.timezone": "CEST" - }, + }, { - "@timestamp": "2017-07-31T13:36:42.616Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.616 CEST [4973] LOG: database system is ready to accept connections", - "offset": 268, - "postgresql.log.level": "LOG", - "postgresql.log.message": "database system is ready to accept connections", - "postgresql.log.thread_id": "4973", - "postgresql.log.timestamp": "2017-07-31 13:36:42.616", + "@timestamp": "2017-07-31T13:36:42.616Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.616 CEST [4973] LOG: database system is ready to accept connections", + "offset": 268, + "postgresql.log.level": "LOG", + "postgresql.log.message": "database system is ready to accept connections", + "postgresql.log.thread_id": "4973", + "postgresql.log.timestamp": "2017-07-31 13:36:42.616", "postgresql.log.timezone": "CEST" - }, + }, { - "@timestamp": "2017-07-31T13:36:42.956Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:36:42.956 
CEST [4980] [unknown]@[unknown] LOG: incomplete startup packet", - "offset": 357, - "postgresql.log.database": "unknown", - "postgresql.log.level": "LOG", - "postgresql.log.message": "incomplete startup packet", - "postgresql.log.thread_id": "4980", - "postgresql.log.timestamp": "2017-07-31 13:36:42.956", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:36:42.956Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:36:42.956 CEST [4980] [unknown]@[unknown] LOG: incomplete startup packet", + "offset": 357, + "postgresql.log.database": "unknown", + "postgresql.log.level": "LOG", + "postgresql.log.message": "incomplete startup packet", + "postgresql.log.thread_id": "4980", + "postgresql.log.timestamp": "2017-07-31 13:36:42.956", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "unknown" - }, + }, { - "@timestamp": "2017-07-31T13:36:43.557Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:36:43.557Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:36:43.557 CEST [4983] postgres@postgres LOG: duration: 37.118 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "offset": 445, - "postgresql.log.database": "postgres", - "postgresql.log.duration": "37.118", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t 
pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.thread_id": "4983", - "postgresql.log.timestamp": "2017-07-31 13:36:43.557", - "postgresql.log.timezone": "CEST", + ], + "message": "2017-07-31 13:36:43.557 CEST [4983] postgres@postgres LOG: duration: 37.118 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "offset": 445, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "37.118", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.thread_id": "4983", + "postgresql.log.timestamp": "2017-07-31 13:36:43.557", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:36:44.104Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:36:44.104Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:36:44.104 CEST [4986] postgres@postgres LOG: duration: 2.895 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t 
pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "offset": 873, - "postgresql.log.database": "postgres", - "postgresql.log.duration": "2.895", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.thread_id": "4986", - "postgresql.log.timestamp": "2017-07-31 13:36:44.104", - "postgresql.log.timezone": "CEST", + ], + "message": "2017-07-31 13:36:44.104 CEST [4986] postgres@postgres LOG: duration: 2.895 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "offset": 873, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "2.895", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.thread_id": "4986", + "postgresql.log.timestamp": "2017-07-31 13:36:44.104", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:36:44.642Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": 
"2017-07-31T13:36:44.642Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:36:44.642 CEST [4989] postgres@postgres LOG: duration: 2.809 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "offset": 1300, - "postgresql.log.database": "postgres", - "postgresql.log.duration": "2.809", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", - "postgresql.log.thread_id": "4989", - "postgresql.log.timestamp": "2017-07-31 13:36:44.642", - "postgresql.log.timezone": "CEST", + ], + "message": "2017-07-31 13:36:44.642 CEST [4989] postgres@postgres LOG: duration: 2.809 ms statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "offset": 1300, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "2.809", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t 
d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.thread_id": "4989", + "postgresql.log.timestamp": "2017-07-31 13:36:44.642", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:39:16.249Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:16.249 CEST [5407] postgres@users FATAL: database \"users\" does not exist", - "offset": 1727, - "postgresql.log.database": "users", - "postgresql.log.level": "FATAL", - "postgresql.log.message": "database \"users\" does not exist", - "postgresql.log.thread_id": "5407", - "postgresql.log.timestamp": "2017-07-31 13:39:16.249", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:39:16.249Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:39:16.249 CEST [5407] postgres@users FATAL: database \"users\" does not exist", + "offset": 1727, + "postgresql.log.database": "users", + "postgresql.log.level": "FATAL", + "postgresql.log.message": "database \"users\" does not exist", + "postgresql.log.thread_id": "5407", + "postgresql.log.timestamp": "2017-07-31 13:39:16.249", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:39:17.945Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:17.945 CEST [5500] postgres@user FATAL: database \"user\" does not exist", - "offset": 1818, - "postgresql.log.database": "user", - "postgresql.log.level": "FATAL", - "postgresql.log.message": "database \"user\" does not exist", - "postgresql.log.thread_id": "5500", - "postgresql.log.timestamp": "2017-07-31 13:39:17.945", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:39:17.945Z", + "fileset.module": 
"postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:39:17.945 CEST [5500] postgres@user FATAL: database \"user\" does not exist", + "offset": 1818, + "postgresql.log.database": "user", + "postgresql.log.level": "FATAL", + "postgresql.log.message": "database \"user\" does not exist", + "postgresql.log.thread_id": "5500", + "postgresql.log.timestamp": "2017-07-31 13:39:17.945", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:39:21.025Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:39:21.025Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:39:21.025 CEST [5404] postgres@postgres LOG: duration: 37.598 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "offset": 1907, - "postgresql.log.database": "postgres", - "postgresql.log.duration": "37.598", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as 
\"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.thread_id": "5404", - "postgresql.log.timestamp": "2017-07-31 13:39:21.025", - "postgresql.log.timezone": "CEST", + ], + "message": "2017-07-31 13:39:21.025 CEST [5404] postgres@postgres LOG: duration: 37.598 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + "offset": 1907, + "postgresql.log.database": "postgres", + "postgresql.log.duration": "37.598", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + "postgresql.log.thread_id": 
"5404", + "postgresql.log.timestamp": "2017-07-31 13:39:21.025", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:39:31.619Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:31.619 CEST [5502] postgres@clients LOG: duration: 9.482 ms statement: select * from clients;", - "offset": 2620, - "postgresql.log.database": "clients", - "postgresql.log.duration": "9.482", - "postgresql.log.level": "LOG", - "postgresql.log.query": "select * from clients;", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:39:31.619", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:39:31.619Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:39:31.619 CEST [5502] postgres@clients LOG: duration: 9.482 ms statement: select * from clients;", + "offset": 2620, + "postgresql.log.database": "clients", + "postgresql.log.duration": "9.482", + "postgresql.log.level": "LOG", + "postgresql.log.query": "select * from clients;", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:39:31.619", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:39:40.147Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:39:40.147 CEST [5502] postgres@clients LOG: duration: 0.765 ms statement: select id from clients;", - "offset": 2733, - "postgresql.log.database": "clients", - "postgresql.log.duration": "0.765", - "postgresql.log.level": "LOG", - "postgresql.log.query": "select id from clients;", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:39:40.147", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:39:40.147Z", + "fileset.module": "postgresql", + "fileset.name": "log", + 
"input.type": "log", + "message": "2017-07-31 13:39:40.147 CEST [5502] postgres@clients LOG: duration: 0.765 ms statement: select id from clients;", + "offset": 2733, + "postgresql.log.database": "clients", + "postgresql.log.duration": "0.765", + "postgresql.log.level": "LOG", + "postgresql.log.query": "select id from clients;", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:39:40.147", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:40:54.310Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", + "@timestamp": "2017-07-31T13:40:54.310Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", "log.flags": [ "multiline" - ], - "message": "2017-07-31 13:40:54.310 CEST [5502] postgres@clients LOG: duration: 26.082 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "offset": 2847, - "postgresql.log.database": "clients", - "postgresql.log.duration": "26.082", - "postgresql.log.level": "LOG", - "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) 
as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:40:54.310", - "postgresql.log.timezone": "CEST", + ], + "message": "2017-07-31 13:40:54.310 CEST [5502] postgres@clients LOG: duration: 26.082 ms statement: SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + "offset": 2847, + "postgresql.log.database": "clients", + "postgresql.log.duration": "26.082", + "postgresql.log.level": "LOG", + "postgresql.log.query": "SELECT n.nspname as \"Schema\",\n\t c.relname as \"Name\",\n\t CASE c.relkind WHEN 'r' THEN 'table' WHEN 'v' THEN 'view' WHEN 'm' THEN 'materialized view' WHEN 'i' THEN 'index' WHEN 'S' THEN 'sequence' WHEN 's' THEN 'special' WHEN 'f' THEN 'foreign table' END as \"Type\",\n\t pg_catalog.pg_get_userbyid(c.relowner) as \"Owner\"\n\tFROM pg_catalog.pg_class c\n\t LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace\n\tWHERE c.relkind IN ('r','')\n\t AND n.nspname <> 'pg_catalog'\n\t AND n.nspname <> 'information_schema'\n\t AND n.nspname !~ '^pg_toast'\n\t AND pg_catalog.pg_table_is_visible(c.oid)\n\tORDER BY 1,2;", + 
"postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:40:54.310", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:43:22.645Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:43:22.645 CEST [5502] postgres@clients LOG: duration: 36.162 ms statement: create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", - "offset": 3559, - "postgresql.log.database": "clients", - "postgresql.log.duration": "36.162", - "postgresql.log.level": "LOG", - "postgresql.log.query": "create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:43:22.645", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:43:22.645Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:43:22.645 CEST [5502] postgres@clients LOG: duration: 36.162 ms statement: create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", + "offset": 3559, + "postgresql.log.database": "clients", + "postgresql.log.duration": "36.162", + "postgresql.log.level": "LOG", + "postgresql.log.query": "create table cats(name varchar(50) primary key, toy varchar (50) not null, born timestamp not null);", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:43:22.645", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:46:02.670Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:46:02.670 CEST [5502] postgres@c$lients LOG: duration: 10.540 ms statement: insert into cats(name, toy, born) values('kate', 'ball', now());", - "offset": 3751, - 
"postgresql.log.database": "c$lients", - "postgresql.log.duration": "10.540", - "postgresql.log.level": "LOG", - "postgresql.log.query": "insert into cats(name, toy, born) values('kate', 'ball', now());", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:46:02.670", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:46:02.670Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:46:02.670 CEST [5502] postgres@c$lients LOG: duration: 10.540 ms statement: insert into cats(name, toy, born) values('kate', 'ball', now());", + "offset": 3751, + "postgresql.log.database": "c$lients", + "postgresql.log.duration": "10.540", + "postgresql.log.level": "LOG", + "postgresql.log.query": "insert into cats(name, toy, born) values('kate', 'ball', now());", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:46:02.670", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:46:23.016Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:46:23.016 CEST [5502] postgres@_clients$db LOG: duration: 5.156 ms statement: insert into cats(name, toy, born) values('frida', 'horse', now());", - "offset": 3908, - "postgresql.log.database": "_clients$db", - "postgresql.log.duration": "5.156", - "postgresql.log.level": "LOG", - "postgresql.log.query": "insert into cats(name, toy, born) values('frida', 'horse', now());", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:46:23.016", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:46:23.016Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:46:23.016 CEST [5502] postgres@_clients$db LOG: duration: 5.156 ms statement: insert into cats(name, toy, born) values('frida', 'horse', now());", 
+ "offset": 3908, + "postgresql.log.database": "_clients$db", + "postgresql.log.duration": "5.156", + "postgresql.log.level": "LOG", + "postgresql.log.query": "insert into cats(name, toy, born) values('frida', 'horse', now());", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:46:23.016", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" - }, + }, { - "@timestamp": "2017-07-31T13:46:55.637Z", - "fileset.module": "postgresql", - "fileset.name": "log", - "input.type": "log", - "message": "2017-07-31 13:46:55.637 CEST [5502] postgres@clients_db LOG: duration: 25.871 ms statement: create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", - "offset": 4069, - "postgresql.log.database": "clients_db", - "postgresql.log.duration": "25.871", - "postgresql.log.level": "LOG", - "postgresql.log.query": "create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", - "postgresql.log.thread_id": "5502", - "postgresql.log.timestamp": "2017-07-31 13:46:55.637", - "postgresql.log.timezone": "CEST", + "@timestamp": "2017-07-31T13:46:55.637Z", + "fileset.module": "postgresql", + "fileset.name": "log", + "input.type": "log", + "message": "2017-07-31 13:46:55.637 CEST [5502] postgres@clients_db LOG: duration: 25.871 ms statement: create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", + "offset": 4069, + "postgresql.log.database": "clients_db", + "postgresql.log.duration": "25.871", + "postgresql.log.level": "LOG", + "postgresql.log.query": "create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null);", + "postgresql.log.thread_id": "5502", + "postgresql.log.timestamp": "2017-07-31 13:46:55.637", + "postgresql.log.timezone": "CEST", "postgresql.log.user": "postgres" } -] +] \ No newline at end of file 
diff --git a/filebeat/module/redis/log/test/test.log-expected.json b/filebeat/module/redis/log/test/test.log-expected.json
index bbd47176fdbd..caab13a8c191 100644
--- a/filebeat/module/redis/log/test/test.log-expected.json
+++ b/filebeat/module/redis/log/test/test.log-expected.json
@@ -1,40 +1,40 @@ [ { - "@timestamp": "2018-05-30T12:23:52.442Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 0, - "redis.log.level": "notice", - "redis.log.message": "Saving the final RDB snapshot before exiting.", - "redis.log.pid": "98738", + "@timestamp": "2018-05-30T12:23:52.442Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 0, + "redis.log.level": "notice", + "redis.log.message": "Saving the final RDB snapshot before exiting.", + "redis.log.pid": "98738", "redis.log.role": "master" - }, + }, { - "@timestamp": "2018-05-30T10:05:20.000Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 76, - "redis.log.level": "debug", + "@timestamp": "2018-05-30T10:05:20.000Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 76, + "redis.log.level": "debug", "redis.log.message": "0 clients connected (0 slaves), 618932 bytes in use, 0 shared objects." - }, + }, { - "@timestamp": "2018-05-31T04:32:08.000Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 165, - "redis.log.level": "notice", + "@timestamp": "2018-05-31T04:32:08.000Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 165, + "redis.log.level": "notice", "redis.log.message": "The server is now ready to accept connections on port 6379\"" - }, + }, { - "@timestamp": "2017-05-30T10:57:24.000Z", - "fileset.module": "redis", - "fileset.name": "log", - "input.type": "log", - "offset": 250, - "redis.log.message": "Received SIGINT scheduling shutdown...", + "@timestamp": "2017-05-30T10:57:24.000Z", + "fileset.module": "redis", + "fileset.name": "log", + "input.type": "log", + "offset": 250, + "redis.log.message": "Received SIGINT scheduling shutdown...", "redis.log.pid": "5092" } -] +] \ No newline at end of file 
diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json index 150fd3cd4fd1..1905c6fbc7a3 100644 --- a/filebeat/module/system/auth/test/test.log-expected.json +++ b/filebeat/module/system/auth/test/test.log-expected.json 
@@ -1,148 +1,148 @@ [ { - "@timestamp": "2018-02-21T21:54:44.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 0, - "system.auth.hostname": "localhost", - "system.auth.pid": "3402", - "system.auth.ssh.event": "Accepted", - "system.auth.ssh.ip": "10.0.2.2", - "system.auth.ssh.method": "publickey", - "system.auth.ssh.port": "63673", - "system.auth.ssh.signature": "RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84", - "system.auth.timestamp": "Feb 21 21:54:44", + "@timestamp": "2018-02-21T21:54:44.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 0, + "system.auth.hostname": "localhost", + "system.auth.pid": "3402", + "system.auth.ssh.event": "Accepted", + "system.auth.ssh.ip": "10.0.2.2", + "system.auth.ssh.method": "publickey", + "system.auth.ssh.port": "63673", + "system.auth.ssh.signature": "RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84", + "system.auth.timestamp": "Feb 21 21:54:44", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": "2018-02-23T00:13:35.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 152, - "system.auth.hostname": "localhost", - "system.auth.pid": "7483", - "system.auth.ssh.event": "Accepted", - "system.auth.ssh.ip": "192.168.33.1", - "system.auth.ssh.method": "password", - "system.auth.ssh.port": "58803", - "system.auth.timestamp": "Feb 23 00:13:35", + "@timestamp": "2018-02-23T00:13:35.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 152, + "system.auth.hostname": "localhost", + "system.auth.pid": "7483", + "system.auth.ssh.event": "Accepted", + "system.auth.ssh.ip": "192.168.33.1", + "system.auth.ssh.method": "password", + "system.auth.ssh.port": "58803", + "system.auth.timestamp": "Feb 23 00:13:35", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": "2018-02-21T21:56:12.000Z", - "fileset.module": "system", - "fileset.name": 
"auth", - "input.type": "log", - "offset": 254, - "system.auth.hostname": "localhost", - "system.auth.pid": "3430", - "system.auth.ssh.event": "Invalid", - "system.auth.ssh.ip": "10.0.2.2", - "system.auth.timestamp": "Feb 21 21:56:12", + "@timestamp": "2018-02-21T21:56:12.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 254, + "system.auth.hostname": "localhost", + "system.auth.pid": "3430", + "system.auth.ssh.event": "Invalid", + "system.auth.ssh.ip": "10.0.2.2", + "system.auth.timestamp": "Feb 21 21:56:12", "system.auth.user": "test" - }, + }, { - "@timestamp": "2018-02-20T08:35:22.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 324, - "system.auth.hostname": "slave22", - "system.auth.pid": "5774", - "system.auth.ssh.event": "Failed", - "system.auth.ssh.geoip.continent_name": "Asia", - "system.auth.ssh.geoip.country_iso_code": "CN", - "system.auth.ssh.geoip.location.lat": 23.1167, - "system.auth.ssh.geoip.location.lon": 113.25, - "system.auth.ssh.geoip.region_iso_code": "CN-GD", - "system.auth.ssh.geoip.region_name": "Guangdong", - "system.auth.ssh.ip": "116.31.116.24", - "system.auth.ssh.method": "password", - "system.auth.ssh.port": "29160", - "system.auth.timestamp": "Feb 20 08:35:22", + "@timestamp": "2018-02-20T08:35:22.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 324, + "system.auth.hostname": "slave22", + "system.auth.pid": "5774", + "system.auth.ssh.event": "Failed", + "system.auth.ssh.geoip.city_name": "Shenzhen", + "system.auth.ssh.geoip.continent_name": "Asia", + "system.auth.ssh.geoip.country_iso_code": "CN", + "system.auth.ssh.geoip.location.lat": 22.5333, + "system.auth.ssh.geoip.location.lon": 114.1333, + "system.auth.ssh.geoip.region_name": "Guangdong", + "system.auth.ssh.ip": "116.31.116.24", + "system.auth.ssh.method": "password", + "system.auth.ssh.port": "29160", + "system.auth.timestamp": "Feb 
20 08:35:22", "system.auth.user": "root" - }, + }, { - "@timestamp": "2018-02-21T23:35:33.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 420, - "system.auth.hostname": "localhost", - "system.auth.sudo.command": "/bin/ls", - "system.auth.sudo.pwd": "/home/vagrant", - "system.auth.sudo.tty": "pts/0", - "system.auth.sudo.user": "root", - "system.auth.timestamp": "Feb 21 23:35:33", + "@timestamp": "2018-02-21T23:35:33.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 420, + "system.auth.hostname": "localhost", + "system.auth.sudo.command": "/bin/ls", + "system.auth.sudo.pwd": "/home/vagrant", + "system.auth.sudo.tty": "pts/0", + "system.auth.sudo.user": "root", + "system.auth.timestamp": "Feb 21 23:35:33", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": "2018-02-19T15:30:04.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 522, - "system.auth.hostname": "slave22", - "system.auth.pid": "18406", - "system.auth.ssh.dropped_ip": "123.57.245.163", + "@timestamp": "2018-02-19T15:30:04.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 522, + "system.auth.hostname": "slave22", + "system.auth.pid": "18406", + "system.auth.ssh.dropped_ip": "123.57.245.163", "system.auth.timestamp": "Feb 19 15:30:04" - }, + }, { - "@timestamp": "2018-02-23T00:08:48.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 617, - "system.auth.hostname": "localhost", - "system.auth.sudo.command": "/bin/cat /var/log/secure", - "system.auth.sudo.pwd": "/home/vagrant", - "system.auth.sudo.tty": "pts/1", - "system.auth.sudo.user": "root", - "system.auth.timestamp": "Feb 23 00:08:48", + "@timestamp": "2018-02-23T00:08:48.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 617, + "system.auth.hostname": "localhost", + 
"system.auth.sudo.command": "/bin/cat /var/log/secure", + "system.auth.sudo.pwd": "/home/vagrant", + "system.auth.sudo.tty": "pts/1", + "system.auth.sudo.user": "root", + "system.auth.timestamp": "Feb 23 00:08:48", "system.auth.user": "vagrant" - }, + }, { - "@timestamp": "2018-02-24T00:13:02.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 736, - "system.auth.hostname": "precise32", - "system.auth.sudo.command": "/bin/ls", - "system.auth.sudo.error": "user NOT in sudoers", - "system.auth.sudo.pwd": "/home/vagrant", - "system.auth.sudo.tty": "pts/1", - "system.auth.sudo.user": "root", - "system.auth.timestamp": "Feb 24 00:13:02", + "@timestamp": "2018-02-24T00:13:02.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 736, + "system.auth.hostname": "precise32", + "system.auth.sudo.command": "/bin/ls", + "system.auth.sudo.error": "user NOT in sudoers", + "system.auth.sudo.pwd": "/home/vagrant", + "system.auth.sudo.tty": "pts/1", + "system.auth.sudo.user": "root", + "system.auth.timestamp": "Feb 24 00:13:02", "system.auth.user": "tsg" - }, + }, { - "@timestamp": "2018-02-22T11:47:05.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 861, - "system.auth.groupadd.gid": "48", - "system.auth.groupadd.name": "apache", - "system.auth.hostname": "localhost", - "system.auth.pid": "6991", + "@timestamp": "2018-02-22T11:47:05.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 861, + "system.auth.groupadd.gid": "48", + "system.auth.groupadd.name": "apache", + "system.auth.hostname": "localhost", + "system.auth.pid": "6991", "system.auth.timestamp": "Feb 22 11:47:05" - }, + }, { - "@timestamp": "2018-02-22T11:47:05.000Z", - "fileset.module": "system", - "fileset.name": "auth", - "input.type": "log", - "offset": 934, - "system.auth.hostname": "localhost", - "system.auth.pid": "6995", - 
"system.auth.timestamp": "Feb 22 11:47:05", - "system.auth.useradd.gid": "48", - "system.auth.useradd.home": "/usr/share/httpd", - "system.auth.useradd.name": "apache", - "system.auth.useradd.shell": "/sbin/nologin", + "@timestamp": "2018-02-22T11:47:05.000Z", + "fileset.module": "system", + "fileset.name": "auth", + "input.type": "log", + "offset": 934, + "system.auth.hostname": "localhost", + "system.auth.pid": "6995", + "system.auth.timestamp": "Feb 22 11:47:05", + "system.auth.useradd.gid": "48", + "system.auth.useradd.home": "/usr/share/httpd", + "system.auth.useradd.name": "apache", + "system.auth.useradd.shell": "/sbin/nologin", "system.auth.useradd.uid": "48" } -] +] \ No newline at end of file diff --git a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json index 66d012679aa0..cb6cf3b3d430 100644 --- a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json +++ b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json 
@@ -1,38 +1,38 @@ [ { - "@timestamp": "2018-12-13T11:35:28.000Z", - "fileset.module": "system", - "fileset.name": "syslog", - "input.type": "log", + "@timestamp": "2018-12-13T11:35:28.000Z", + "fileset.module": "system", + "fileset.name": "syslog", + "input.type": "log", "log.flags": [ "multiline" - ], - "offset": 0, - "system.syslog.hostname": "a-mac-with-esc-key", - "system.syslog.message": "2016-12-13 11:35:28.420 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentApp updateProductWithProductID:usingEngine:] Checking for updates for \"All Products\" using engine \n\t\t>>\n\t\tprocessor=\n\t\t\tisProcessing=NO actionsCompleted=0 progress=0.00\n\t\t\terrors=0 currentActionErrors=0\n\t\t\tevents=0 currentActionEvents=0\n\t\t\tactionQueue=( )\n\t\t>\n\t\tdelegate=(null)\n\t\tserverInfoStore=(null)\n\t\terrors=0\n\t>", - "system.syslog.pid": "21412", - "system.syslog.program": "GoogleSoftwareUpdateAgent", + ], + "offset": 0, + "system.syslog.hostname": "a-mac-with-esc-key", + "system.syslog.message": "2016-12-13 11:35:28.420 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentApp updateProductWithProductID:usingEngine:] Checking for updates for \"All Products\" using engine \n\t\t>>\n\t\tprocessor=\n\t\t\tisProcessing=NO actionsCompleted=0 progress=0.00\n\t\t\terrors=0 currentActionErrors=0\n\t\t\tevents=0 currentActionEvents=0\n\t\t\tactionQueue=( )\n\t\t>\n\t\tdelegate=(null)\n\t\tserverInfoStore=(null)\n\t\terrors=0\n\t>", + "system.syslog.pid": "21412", + "system.syslog.program": "GoogleSoftwareUpdateAgent", "system.syslog.timestamp": "Dec 13 11:35:28" - }, + }, { - "@timestamp": "2018-12-13T11:35:28.000Z", - "fileset.module": "system", - "fileset.name": "syslog", - "input.type": "log", - "offset": 907, - "system.syslog.hostname": "a-mac-with-esc-key", - "system.syslog.message": "2016-12-13 11:35:28.421 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine updateAllExceptProduct:] KSUpdateEngine updating all installed 
products, except:'com.google.Keystone'.", - "system.syslog.pid": "21412", - "system.syslog.program": "GoogleSoftwareUpdateAgent", + "@timestamp": "2018-12-13T11:35:28.000Z", + "fileset.module": "system", + "fileset.name": "syslog", + "input.type": "log", + "offset": 907, + "system.syslog.hostname": "a-mac-with-esc-key", + "system.syslog.message": "2016-12-13 11:35:28.421 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine updateAllExceptProduct:] KSUpdateEngine updating all installed products, except:'com.google.Keystone'.", + "system.syslog.pid": "21412", + "system.syslog.program": "GoogleSoftwareUpdateAgent", "system.syslog.timestamp": "Dec 13 11:35:28" - }, + }, { - "@timestamp": "2018-04-04T03:39:57.000Z", - "fileset.module": "system", - "fileset.name": "syslog", - "input.type": "log", - "offset": 1176, - "system.syslog.message": "--- last message repeated 1 time ---", + "@timestamp": "2018-04-04T03:39:57.000Z", + "fileset.module": "system", + "fileset.name": "syslog", + "input.type": "log", + "offset": 1176, + "system.syslog.message": "--- last message repeated 1 time ---", "system.syslog.timestamp": "Apr 4 03:39:57" } -] +] \ No newline at end of file diff --git a/filebeat/module/traefik/access/test/test.log-expected.json b/filebeat/module/traefik/access/test/test.log-expected.json index 682f8ff02802..54151c2ea67c 100644 --- a/filebeat/module/traefik/access/test/test.log-expected.json +++ b/filebeat/module/traefik/access/test/test.log-expected.json 
@@ -1,55 +1,54 @@ [ { - "@timestamp": "2017-10-02T20:22:07.000Z", - "fileset.module": "traefik", - "fileset.name": "access", - "input.type": "log", - "offset": 0, - "traefik.access.body_sent.bytes": "0", - "traefik.access.http_version": "1.1", - "traefik.access.method": "GET", - "traefik.access.referrer": "http://example.com/login", - "traefik.access.remote_ip": "192.168.33.1", - "traefik.access.response_code": "304", - "traefik.access.url": "/ui/favicons/favicon-16x16.png", - "traefik.access.user_agent.device": "Other", - "traefik.access.user_agent.major": "61", - "traefik.access.user_agent.minor": "0", - "traefik.access.user_agent.name": "Chrome", - "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", - "traefik.access.user_agent.os": "Linux", - "traefik.access.user_agent.os_name": "Linux", - "traefik.access.user_agent.patch": "3163", + "@timestamp": "2017-10-02T20:22:07.000Z", + "fileset.module": "traefik", + "fileset.name": "access", + "input.type": "log", + "offset": 0, + "traefik.access.body_sent.bytes": "0", + "traefik.access.http_version": "1.1", + "traefik.access.method": "GET", + "traefik.access.referrer": "http://example.com/login", + "traefik.access.remote_ip": "192.168.33.1", + "traefik.access.response_code": "304", + "traefik.access.url": "/ui/favicons/favicon-16x16.png", + "traefik.access.user_agent.device": "Other", + "traefik.access.user_agent.major": "61", + "traefik.access.user_agent.minor": "0", + "traefik.access.user_agent.name": "Chrome", + "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", + "traefik.access.user_agent.os": "Linux", + "traefik.access.user_agent.os_name": "Linux", + "traefik.access.user_agent.patch": "3163", "traefik.access.user_name": "-" - }, + }, { - "@timestamp": "2017-10-02T20:22:08.000Z", - "fileset.module": "traefik", - 
"fileset.name": "access", - "input.type": "log", - "offset": 280, - "traefik.access.body_sent.bytes": "0", - "traefik.access.geoip.city_name": "Berlin", - "traefik.access.geoip.continent_name": "Europe", - "traefik.access.geoip.country_iso_code": "DE", - "traefik.access.geoip.location.lat": 52.4908, - "traefik.access.geoip.location.lon": 13.3275, - "traefik.access.geoip.region_iso_code": "DE-BE", - "traefik.access.geoip.region_name": "Land Berlin", - "traefik.access.http_version": "1.1", - "traefik.access.method": "GET", - "traefik.access.referrer": "http://example.com/login", - "traefik.access.remote_ip": "85.181.35.98", - "traefik.access.response_code": "304", - "traefik.access.url": "/ui/favicons/favicon.ico", - "traefik.access.user_agent.device": "Other", - "traefik.access.user_agent.major": "61", - "traefik.access.user_agent.minor": "0", - "traefik.access.user_agent.name": "Chrome", - "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", - "traefik.access.user_agent.os": "Linux", - "traefik.access.user_agent.os_name": "Linux", - "traefik.access.user_agent.patch": "3163", + "@timestamp": "2017-10-02T20:22:08.000Z", + "fileset.module": "traefik", + "fileset.name": "access", + "input.type": "log", + "offset": 280, + "traefik.access.body_sent.bytes": "0", + "traefik.access.geoip.city_name": "Berlin", + "traefik.access.geoip.continent_name": "Europe", + "traefik.access.geoip.country_iso_code": "DE", + "traefik.access.geoip.location.lat": 52.5167, + "traefik.access.geoip.location.lon": 13.4, + "traefik.access.geoip.region_name": "Land Berlin", + "traefik.access.http_version": "1.1", + "traefik.access.method": "GET", + "traefik.access.referrer": "http://example.com/login", + "traefik.access.remote_ip": "85.181.35.98", + "traefik.access.response_code": "304", + "traefik.access.url": "/ui/favicons/favicon.ico", + "traefik.access.user_agent.device": "Other", + 
"traefik.access.user_agent.major": "61", + "traefik.access.user_agent.minor": "0", + "traefik.access.user_agent.name": "Chrome", + "traefik.access.user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", + "traefik.access.user_agent.os": "Linux", + "traefik.access.user_agent.os_name": "Linux", + "traefik.access.user_agent.patch": "3163", "traefik.access.user_name": "-" } -] +] \ No newline at end of file diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json index 23886c5847fa..7bd2b03cc0d7 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json @@ -17,7 +17,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 0, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 32858, "suricata.eve.alert.action": "allowed", @@ -81,7 +80,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 723, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 32864, "suricata.eve.alert.action": "allowed", @@ -145,7 +143,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 1445, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 32870, "suricata.eve.alert.action": "allowed", @@ -209,7 +206,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 2168, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 32872, "suricata.eve.alert.action": "allowed", @@ -273,7 +269,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 2889, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 32876, "suricata.eve.alert.action": "allowed", 
@@ -337,7 +332,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 3611, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 32892, "suricata.eve.alert.action": "allowed", @@ -401,7 +395,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 4334, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 37742, "suricata.eve.alert.action": "allowed", @@ -463,7 +456,6 @@ "http.response.status_code": "304", "input.type": "log", "offset": 5140, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -525,7 +517,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 5931, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -587,7 +578,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 6734, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 37742, "suricata.eve.alert.action": "allowed", @@ -649,7 +639,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 7630, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 37742, "suricata.eve.alert.action": "allowed", @@ -711,7 +700,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 8533, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 37742, "suricata.eve.alert.action": "allowed", @@ -773,7 +761,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 9443, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -835,7 +822,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 10252, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", 
@@ -897,7 +883,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 11147, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -959,7 +944,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 12048, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -1021,7 +1005,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 12951, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -1083,7 +1066,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 13860, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -1144,7 +1126,6 @@ "http.request.method": "GET", "input.type": "log", "offset": 14767, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -1204,7 +1185,6 @@ "http.request.method": "GET", "input.type": "log", "offset": 15651, - "prospector.type": "log", "source_ecs.ip": "192.168.1.146", "source_ecs.port": 52340, "suricata.eve.alert.action": "allowed", @@ -1247,4 +1227,4 @@ "user_agent.os.full_name": "Debian", "user_agent.os.name": "Debian" } -] \ No newline at end of file +] diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json index cd493ef74737..e8ce871d341c 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json 
@@ -8,7 +8,6 @@ "fileset.name": "eve", "input.type": "log", "offset": 0, - "prospector.type": "log", "source_ecs.ip": "192.168.86.85", "source_ecs.port": 55406, "suricata.eve.dest_ip": "192.168.253.112", @@ -37,7 +36,6 @@ "fileset.name": "eve", "input.type": "log", "offset": 350, - "prospector.type": "log", "source_ecs.ip": "192.168.86.85", "source_ecs.port": 55641, "suricata.eve.alert.action": "allowed", @@ -81,7 +79,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 985, - "prospector.type": "log", "source_ecs.ip": "192.168.86.85", "source_ecs.port": 56119, "suricata.eve.dest_ip": "192.168.86.28", @@ -129,7 +126,6 @@ "http.response.status_code": "200", "input.type": "log", "offset": 1507, - "prospector.type": "log", "source_ecs.ip": "192.168.86.28", "source_ecs.port": 8008, "suricata.eve.app_proto": "http", @@ -182,7 +178,6 @@ "fileset.name": "eve", "input.type": "log", "offset": 2347, - "prospector.type": "log", "source_ecs.ip": "192.168.86.1", "source_ecs.port": 53, "suricata.eve.dest_ip": "192.168.86.85", @@ -212,7 +207,6 @@ "fileset.name": "eve", "input.type": "log", "offset": 2687, - "prospector.type": "log", "suricata.eve.event_type": "stats", "suricata.eve.stats.app_layer.flow.dcerpc_tcp": 0, "suricata.eve.stats.app_layer.flow.dcerpc_udp": 0, @@ -348,7 +342,6 @@ "fileset.name": "eve", "input.type": "log", "offset": 4683, - "prospector.type": "log", "source_ecs.ip": "192.168.86.85", "source_ecs.port": 56187, "suricata.eve.dest_ip": "17.142.164.13", @@ -381,7 +374,6 @@ "fileset.name": "eve", "input.type": "log", "offset": 5308, - "prospector.type": "log", "source_ecs.ip": "fe80:0000:0000:0000:fada:0cff:fedc:87f1", "source_ecs.port": 546, "suricata.eve.app_proto": "failed", @@ -407,4 +399,4 @@ "suricata" ] } -] \ No newline at end of file +] From e0dd265ed9d907b5c6afc7445a47e0d84765e942 Mon Sep 17 00:00:00 2001 
From: Nicolas Ruflin Date: Mon, 5 Nov 2018 08:41:17 -0500 Subject: [PATCH 06/11] Update filebeat/Makefile Co-Authored-By: ph --- filebeat/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/Makefile b/filebeat/Makefile index 6e0bd3fe9792..d771b206816b 100644 --- a/filebeat/Makefile +++ b/filebeat/Makefile @@ -34,7 +34,7 @@ collect-docs: python-env @mkdir -p docs/modules @${PYTHON_ENV}/bin/python ${ES_BEATS}/filebeat/scripts/docs_collector.py --beat ${BEAT_NAME} -# Generate inputs for prospectors +# Generate imports for inputs .PHONY: imports imports: python-env @mkdir -p include From 0168d43fa953d962ba369a1b45bf066a821570e7 Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Mon, 5 Nov 2018 11:39:17 -0500 Subject: [PATCH 07/11] generate with ES snapshot --- filebeat/module/haproxy/log/test/default.log-expected.json | 1 + filebeat/module/haproxy/log/test/haproxy.log-expected.json | 1 + filebeat/module/icinga/startup/test/test.log-expected.json | 4 ++-- filebeat/module/iis/access/test/test.log-expected.json | 2 ++ filebeat/module/iis/error/test/test.log-expected.json | 3 +++ filebeat/module/nginx/access/test/test.log-expected.json | 3 +++ filebeat/module/system/auth/test/test.log-expected.json | 1 + filebeat/module/traefik/access/test/test.log-expected.json | 1 + 8 files changed, 14 insertions(+), 2 deletions(-) diff --git a/filebeat/module/haproxy/log/test/default.log-expected.json b/filebeat/module/haproxy/log/test/default.log-expected.json index 22f585bc611d..88b0e26ab5ae 100644 --- a/filebeat/module/haproxy/log/test/default.log-expected.json +++ b/filebeat/module/haproxy/log/test/default.log-expected.json @@ -13,6 +13,7 @@ "haproxy.geoip.country_iso_code": "US", "haproxy.geoip.location.lat": 47.913, "haproxy.geoip.location.lon": -122.3042, + "haproxy.geoip.region_iso_code": "US-WA", "haproxy.geoip.region_name": "Washington", "haproxy.mode": "HTTP", "haproxy.pid": "24551", 
diff --git a/filebeat/module/haproxy/log/test/haproxy.log-expected.json b/filebeat/module/haproxy/log/test/haproxy.log-expected.json index 243579ec85db..98f02332fab6 100644 --- a/filebeat/module/haproxy/log/test/haproxy.log-expected.json +++ b/filebeat/module/haproxy/log/test/haproxy.log-expected.json @@ -20,6 +20,7 @@ "haproxy.geoip.country_iso_code": "US", "haproxy.geoip.location.lat": 47.913, "haproxy.geoip.location.lon": -122.3042, + "haproxy.geoip.region_iso_code": "US-WA", "haproxy.geoip.region_name": "Washington", "haproxy.http.request.captured_cookie": "-", "haproxy.http.request.captured_headers": [ diff --git a/filebeat/module/icinga/startup/test/test.log-expected.json b/filebeat/module/icinga/startup/test/test.log-expected.json index efaa95e4c4ee..f0915ec8f53f 100644 --- a/filebeat/module/icinga/startup/test/test.log-expected.json +++ b/filebeat/module/icinga/startup/test/test.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2018-11-05T14:11:43.219Z", + "@timestamp": "2018-11-05T16:36:43.079Z", "fileset.module": "icinga", "fileset.name": "startup", "icinga.startup.facility": "cli", @@ -10,7 +10,7 @@ "offset": 0 }, { - "@timestamp": "2018-11-05T14:11:43.219Z", + "@timestamp": "2018-11-05T16:36:43.079Z", "fileset.module": "icinga", "fileset.name": "startup", "icinga.startup.facility": "cli", diff --git a/filebeat/module/iis/access/test/test.log-expected.json b/filebeat/module/iis/access/test/test.log-expected.json index d876948e3314..60f227700012 100644 --- a/filebeat/module/iis/access/test/test.log-expected.json +++ b/filebeat/module/iis/access/test/test.log-expected.json @@ -8,6 +8,7 @@ "iis.access.geoip.country_iso_code": "DE", "iis.access.geoip.location.lat": 52.5167, "iis.access.geoip.location.lon": 13.4, + "iis.access.geoip.region_iso_code": "DE-BE", "iis.access.geoip.region_name": "Land Berlin", "iis.access.method": "GET", "iis.access.port": "80", 
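Review bot: The `@timestamp` expected for both icinga startup events in `icinga/startup/test/test.log-expected.json` looks like the time the fixture was generated, not a value parsed from the log line. It moves from `2018-11-05T14:11:43.219Z` to `2018-11-05T16:36:43.079Z` here, and a later patch in this series ("missing?") changes only these two values again. An expectation that differs on every regeneration cannot be asserted, and it produces a diff each time the fixtures are rebuilt. Consider having the comparison skip `@timestamp` for filesets whose input lines carry no date, or leaving the key out of this expected file. The harness that does the comparison is not visible in this patch.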
@@ -73,6 +74,7 @@ "iis.access.geoip.country_iso_code": "DE", "iis.access.geoip.location.lat": 52.5167, "iis.access.geoip.location.lon": 13.4, + "iis.access.geoip.region_iso_code": "DE-BE", "iis.access.geoip.region_name": "Land Berlin", "iis.access.hostname": "example.com", "iis.access.http_version": "1.1", diff --git a/filebeat/module/iis/error/test/test.log-expected.json b/filebeat/module/iis/error/test/test.log-expected.json index 112bf8ffa4a5..2641c5b5ef46 100644 --- a/filebeat/module/iis/error/test/test.log-expected.json +++ b/filebeat/module/iis/error/test/test.log-expected.json @@ -25,6 +25,7 @@ "iis.error.geoip.country_iso_code": "DE", "iis.error.geoip.location.lat": 52.5167, "iis.error.geoip.location.lon": 13.4, + "iis.error.geoip.region_iso_code": "DE-BE", "iis.error.geoip.region_name": "Land Berlin", "iis.error.http_version": "1.1", "iis.error.method": "GET", @@ -48,6 +49,7 @@ "iis.error.geoip.country_iso_code": "DE", "iis.error.geoip.location.lat": 52.5167, "iis.error.geoip.location.lon": 13.4, + "iis.error.geoip.region_iso_code": "DE-BE", "iis.error.geoip.region_name": "Land Berlin", "iis.error.http_version": "2.0", "iis.error.method": "GET", @@ -71,6 +73,7 @@ "iis.error.geoip.country_iso_code": "DE", "iis.error.geoip.location.lat": 52.5167, "iis.error.geoip.location.lon": 13.4, + "iis.error.geoip.region_iso_code": "DE-BE", "iis.error.geoip.region_name": "Land Berlin", "iis.error.queue_name": "-", "iis.error.reason_phrase": "Timer_MinBytesPerSecond", diff --git a/filebeat/module/nginx/access/test/test.log-expected.json b/filebeat/module/nginx/access/test/test.log-expected.json index 9796c5e317da..40229b57709a 100644 --- a/filebeat/module/nginx/access/test/test.log-expected.json +++ b/filebeat/module/nginx/access/test/test.log-expected.json 
@@ -65,6 +65,7 @@ "nginx.access.geoip.country_iso_code": "DE", "nginx.access.geoip.location.lat": 52.5167, "nginx.access.geoip.location.lon": 13.4, + "nginx.access.geoip.region_iso_code": "DE-BE", "nginx.access.geoip.region_name": "Land Berlin", "nginx.access.http_version": "1.1", "nginx.access.method": "GET", @@ -100,6 +101,7 @@ "nginx.access.geoip.country_iso_code": "DE", "nginx.access.geoip.location.lat": 52.5167, "nginx.access.geoip.location.lon": 13.4, + "nginx.access.geoip.region_iso_code": "DE-BE", "nginx.access.geoip.region_name": "Land Berlin", "nginx.access.http_version": "1.1", "nginx.access.method": "GET", @@ -133,6 +135,7 @@ "nginx.access.geoip.country_iso_code": "US", "nginx.access.geoip.location.lat": 39.772, "nginx.access.geoip.location.lon": -89.6859, + "nginx.access.geoip.region_iso_code": "US-IL", "nginx.access.geoip.region_name": "Illinois", "nginx.access.http_version": "1.1", "nginx.access.method": "GET", diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json index 1905c6fbc7a3..68966435d4c3 100644 --- a/filebeat/module/system/auth/test/test.log-expected.json +++ b/filebeat/module/system/auth/test/test.log-expected.json @@ -57,6 +57,7 @@ "system.auth.ssh.geoip.country_iso_code": "CN", "system.auth.ssh.geoip.location.lat": 22.5333, "system.auth.ssh.geoip.location.lon": 114.1333, + "system.auth.ssh.geoip.region_iso_code": "CN-44", "system.auth.ssh.geoip.region_name": "Guangdong", "system.auth.ssh.ip": "116.31.116.24", "system.auth.ssh.method": "password", diff --git a/filebeat/module/traefik/access/test/test.log-expected.json b/filebeat/module/traefik/access/test/test.log-expected.json index 54151c2ea67c..512359f0e4b8 100644 --- a/filebeat/module/traefik/access/test/test.log-expected.json +++ b/filebeat/module/traefik/access/test/test.log-expected.json 
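Review bot: The added `"system.auth.ssh.geoip.region_iso_code": "CN-44"` in `system/auth/test/test.log-expected.json` is the third enrichment this series records for the same failed SSH login from 116.31.116.24. An earlier patch removed `CN-GD`, added `city_name`, and changed `location.lat` from 23.1167 to 22.5333; the traefik access fixture drifts the same way for 85.181.35.98. The expected values therefore appear to track whichever GeoIP database the Elasticsearch snapshot ships, so these tests may fail on a database update with no change to the module. Consider pinning the GeoIP database used by the module tests, or asserting only that the `*.geoip.*` keys are present instead of their exact values.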
@@ -34,6 +34,7 @@
 "traefik.access.geoip.country_iso_code": "DE",
 "traefik.access.geoip.location.lat": 52.5167,
 "traefik.access.geoip.location.lon": 13.4,
+ "traefik.access.geoip.region_iso_code": "DE-BE",
 "traefik.access.geoip.region_name": "Land Berlin",
 "traefik.access.http_version": "1.1",
 "traefik.access.method": "GET",
From 5b6e24771a90924aaff00d3cb20d5a53c4779453 Mon Sep 17 00:00:00 2001
From: Pier-Hugues Pellerin
Date: Mon, 5 Nov 2018 14:15:59 -0500
Subject: [PATCH 08/11] update
---
 .../suricata/eve/test/eve-alerts.log-expected.json | 2 +-
 .../module/suricata/eve/test/eve-small.log-expected.json | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json
index 7bd2b03cc0d7..3606b91886d6 100644
--- a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json
+++ b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json
@@ -1227,4 +1227,4 @@
 "user_agent.os.full_name": "Debian",
 "user_agent.os.name": "Debian"
 }
-]
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json
index e8ce871d341c..38478592e975 100644
--- a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json
+++ b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json
@@ -331,10 +331,13 @@
 },
 {
 "@timestamp": "2018-07-05T19:51:50.666Z",
+ "destination.geo.city_name": "Cupertino",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
- "destination.geo.location.lat": 37.751,
- "destination.geo.location.lon": -97.822,
+ "destination.geo.location.lat": 37.3042,
+ "destination.geo.location.lon": -122.0946,
+ "destination.geo.region_iso_code": "US-CA",
+ "destination.geo.region_name": "California",
 "destination.ip": "17.142.164.13",
 "destination.port": 443,
 "event.type": "tls",
@@ -399,4 +402,4 @@
 "suricata"
 ]
 }
-]
+]
\ No newline at end of file
From 5a1c826039a372ab0a6514d9dc99efbda3287b2d Mon Sep 17 00:00:00 2001
From: Pier-Hugues Pellerin
Date: Mon, 5 Nov 2018 15:02:10 -0500
Subject: [PATCH 09/11] missing?
---
 filebeat/module/icinga/startup/test/test.log-expected.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/filebeat/module/icinga/startup/test/test.log-expected.json b/filebeat/module/icinga/startup/test/test.log-expected.json
index f0915ec8f53f..6566bee7de9e 100644
--- a/filebeat/module/icinga/startup/test/test.log-expected.json
+++ b/filebeat/module/icinga/startup/test/test.log-expected.json
@@ -1,6 +1,6 @@
 [
 {
- "@timestamp": "2018-11-05T16:36:43.079Z",
+ "@timestamp": "2018-11-05T19:58:39.971Z",
 "fileset.module": "icinga",
 "fileset.name": "startup",
 "icinga.startup.facility": "cli",
@@ -10,7 +10,7 @@
 "offset": 0
 },
 {
- "@timestamp": "2018-11-05T16:36:43.079Z",
+ "@timestamp": "2018-11-05T19:58:39.971Z",
 "fileset.module": "icinga",
 "fileset.name": "startup",
 "icinga.startup.facility": "cli",
From 92ad6bf908326115f228444a7e61a5400af9cac5 Mon Sep 17 00:00:00 2001
From: beats-jenkins
Date: Mon, 5 Nov 2018 21:47:52 +0100
Subject: [PATCH 10/11] generated diff
---
 .../haproxy/log/test/default.log-expected.json | 7 ++-----
 .../haproxy/log/test/haproxy.log-expected.json | 7 ++-----
 .../icinga/startup/test/test.log-expected.json | 4 ++--
 .../module/iis/access/test/test.log-expected.json | 8 ++++----
 .../module/iis/error/test/test.log-expected.json | 12 ++++++------
 .../module/nginx/access/test/test.log-expected.json | 8 ++++----
 .../module/system/auth/test/test.log-expected.json | 7 +++----
 .../traefik/access/test/test.log-expected.json | 4 ++--
 8 files changed, 25 insertions(+), 32 deletions(-)
diff --git a/filebeat/module/haproxy/log/test/default.log-expected.json b/filebeat/module/haproxy/log/test/default.log-expected.json
index 88b0e26ab5ae..0e9be9a33b90 100644
--- a/filebeat/module/haproxy/log/test/default.log-expected.json
+++ b/filebeat/module/haproxy/log/test/default.log-expected.json
@@ -8,13 +8,10 @@
 "haproxy.destination.ip": "1.2.3.4",
 "haproxy.destination.port": "5000",
 "haproxy.frontend_name": "main",
- "haproxy.geoip.city_name": "Mukilteo",
 "haproxy.geoip.continent_name": "North America",
 "haproxy.geoip.country_iso_code": "US",
- "haproxy.geoip.location.lat": 47.913,
- "haproxy.geoip.location.lon": -122.3042,
- "haproxy.geoip.region_iso_code": "US-WA",
- "haproxy.geoip.region_name": "Washington",
+ "haproxy.geoip.location.lat": 37.751,
+ "haproxy.geoip.location.lon": -97.822,
 "haproxy.mode": "HTTP",
 "haproxy.pid": "24551",
 "haproxy.process_name": "haproxy",
diff --git a/filebeat/module/haproxy/log/test/haproxy.log-expected.json b/filebeat/module/haproxy/log/test/haproxy.log-expected.json
index 98f02332fab6..d4b7b5df516f 100644
--- a/filebeat/module/haproxy/log/test/haproxy.log-expected.json
+++ b/filebeat/module/haproxy/log/test/haproxy.log-expected.json
@@ -15,13 +15,10 @@
 "haproxy.connections.retries": 0,
 "haproxy.connections.server": 0,
 "haproxy.frontend_name": "incoming~",
- "haproxy.geoip.city_name": "Mukilteo",
 "haproxy.geoip.continent_name": "North America",
 "haproxy.geoip.country_iso_code": "US",
- "haproxy.geoip.location.lat": 47.913,
- "haproxy.geoip.location.lon": -122.3042,
- "haproxy.geoip.region_iso_code": "US-WA",
- "haproxy.geoip.region_name": "Washington",
+ "haproxy.geoip.location.lat": 37.751,
+ "haproxy.geoip.location.lon": -97.822,
 "haproxy.http.request.captured_cookie": "-",
 "haproxy.http.request.captured_headers": [
 "docs.example.internal"
diff --git a/filebeat/module/icinga/startup/test/test.log-expected.json b/filebeat/module/icinga/startup/test/test.log-expected.json
index 6566bee7de9e..37d44ab8af05 100644
--- a/filebeat/module/icinga/startup/test/test.log-expected.json
+++ b/filebeat/module/icinga/startup/test/test.log-expected.json
@@ -1,6 +1,6 @@
 [
 {
- "@timestamp": "2018-11-05T19:58:39.971Z",
+ "@timestamp": "2018-11-05T20:45:13.262Z",
 "fileset.module": "icinga",
 "fileset.name": "startup",
 "icinga.startup.facility": "cli",
@@ -10,7 +10,7 @@
 "offset": 0
 },
 {
- "@timestamp": "2018-11-05T19:58:39.971Z",
+ "@timestamp": "2018-11-05T20:45:13.262Z",
 "fileset.module": "icinga",
 "fileset.name": "startup",
 "icinga.startup.facility": "cli",
diff --git a/filebeat/module/iis/access/test/test.log-expected.json b/filebeat/module/iis/access/test/test.log-expected.json
index 60f227700012..faa34b74378e 100644
--- a/filebeat/module/iis/access/test/test.log-expected.json
+++ b/filebeat/module/iis/access/test/test.log-expected.json
@@ -6,8 +6,8 @@
 "iis.access.geoip.city_name": "Berlin",
 "iis.access.geoip.continent_name": "Europe",
 "iis.access.geoip.country_iso_code": "DE",
- "iis.access.geoip.location.lat": 52.5167,
- "iis.access.geoip.location.lon": 13.4,
+ "iis.access.geoip.location.lat": 52.4908,
+ "iis.access.geoip.location.lon": 13.3275,
 "iis.access.geoip.region_iso_code": "DE-BE",
 "iis.access.geoip.region_name": "Land Berlin",
 "iis.access.method": "GET",
@@ -72,8 +72,8 @@
 "iis.access.geoip.city_name": "Berlin",
 "iis.access.geoip.continent_name": "Europe",
 "iis.access.geoip.country_iso_code": "DE",
- "iis.access.geoip.location.lat": 52.5167,
- "iis.access.geoip.location.lon": 13.4,
+ "iis.access.geoip.location.lat": 52.4908,
+ "iis.access.geoip.location.lon": 13.3275,
 "iis.access.geoip.region_iso_code": "DE-BE",
 "iis.access.geoip.region_name": "Land Berlin",
 "iis.access.hostname": "example.com",
diff --git a/filebeat/module/iis/error/test/test.log-expected.json b/filebeat/module/iis/error/test/test.log-expected.json
index 2641c5b5ef46..e630b2d74578 100644
--- a/filebeat/module/iis/error/test/test.log-expected.json
+++ b/filebeat/module/iis/error/test/test.log-expected.json
@@ -23,8 +23,8 @@
 "iis.error.geoip.city_name": "Berlin",
 "iis.error.geoip.continent_name": "Europe",
 "iis.error.geoip.country_iso_code": "DE",
- "iis.error.geoip.location.lat": 52.5167,
- "iis.error.geoip.location.lon": 13.4,
+ "iis.error.geoip.location.lat": 52.4908,
+ "iis.error.geoip.location.lon": 13.3275,
 "iis.error.geoip.region_iso_code": "DE-BE",
 "iis.error.geoip.region_name": "Land Berlin",
 "iis.error.http_version": "1.1",
@@ -47,8 +47,8 @@
 "iis.error.geoip.city_name": "Berlin",
 "iis.error.geoip.continent_name": "Europe",
 "iis.error.geoip.country_iso_code": "DE",
- "iis.error.geoip.location.lat": 52.5167,
- "iis.error.geoip.location.lon": 13.4,
+ "iis.error.geoip.location.lat": 52.4908,
+ "iis.error.geoip.location.lon": 13.3275,
 "iis.error.geoip.region_iso_code": "DE-BE",
 "iis.error.geoip.region_name": "Land Berlin",
 "iis.error.http_version": "2.0",
@@ -71,8 +71,8 @@
 "iis.error.geoip.city_name": "Berlin",
 "iis.error.geoip.continent_name": "Europe",
 "iis.error.geoip.country_iso_code": "DE",
- "iis.error.geoip.location.lat": 52.5167,
- "iis.error.geoip.location.lon": 13.4,
+ "iis.error.geoip.location.lat": 52.4908,
+ "iis.error.geoip.location.lon": 13.3275,
 "iis.error.geoip.region_iso_code": "DE-BE",
 "iis.error.geoip.region_name": "Land Berlin",
 "iis.error.queue_name": "-",
diff --git a/filebeat/module/nginx/access/test/test.log-expected.json b/filebeat/module/nginx/access/test/test.log-expected.json
index 40229b57709a..78e749505fbe 100644
--- a/filebeat/module/nginx/access/test/test.log-expected.json
+++ b/filebeat/module/nginx/access/test/test.log-expected.json
@@ -63,8 +63,8 @@
 "nginx.access.geoip.city_name": "Berlin",
 "nginx.access.geoip.continent_name": "Europe",
 "nginx.access.geoip.country_iso_code": "DE",
- "nginx.access.geoip.location.lat": 52.5167,
- "nginx.access.geoip.location.lon": 13.4,
+ "nginx.access.geoip.location.lat": 52.4908,
+ "nginx.access.geoip.location.lon": 13.3275,
 "nginx.access.geoip.region_iso_code": "DE-BE",
 "nginx.access.geoip.region_name": "Land Berlin",
 "nginx.access.http_version": "1.1",
@@ -99,8 +99,8 @@
 "nginx.access.geoip.city_name": "Berlin",
 "nginx.access.geoip.continent_name": "Europe",
 "nginx.access.geoip.country_iso_code": "DE",
- "nginx.access.geoip.location.lat": 52.5167,
- "nginx.access.geoip.location.lon": 13.4,
+ "nginx.access.geoip.location.lat": 52.4908,
+ "nginx.access.geoip.location.lon": 13.3275,
 "nginx.access.geoip.region_iso_code": "DE-BE",
 "nginx.access.geoip.region_name": "Land Berlin",
 "nginx.access.http_version": "1.1",
diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json
index 68966435d4c3..5c9e5da44469 100644
--- a/filebeat/module/system/auth/test/test.log-expected.json
+++ b/filebeat/module/system/auth/test/test.log-expected.json
@@ -52,12 +52,11 @@
 "system.auth.hostname": "slave22",
 "system.auth.pid": "5774",
 "system.auth.ssh.event": "Failed",
- "system.auth.ssh.geoip.city_name": "Shenzhen",
 "system.auth.ssh.geoip.continent_name": "Asia",
 "system.auth.ssh.geoip.country_iso_code": "CN",
- "system.auth.ssh.geoip.location.lat": 22.5333,
- "system.auth.ssh.geoip.location.lon": 114.1333,
- "system.auth.ssh.geoip.region_iso_code": "CN-44",
+ "system.auth.ssh.geoip.location.lat": 23.1167,
+ "system.auth.ssh.geoip.location.lon": 113.25,
+ "system.auth.ssh.geoip.region_iso_code": "CN-GD",
 "system.auth.ssh.geoip.region_name": "Guangdong",
 "system.auth.ssh.ip": "116.31.116.24",
 "system.auth.ssh.method": "password",
diff --git a/filebeat/module/traefik/access/test/test.log-expected.json b/filebeat/module/traefik/access/test/test.log-expected.json
index 512359f0e4b8..30b629143980 100644
--- a/filebeat/module/traefik/access/test/test.log-expected.json
+++ b/filebeat/module/traefik/access/test/test.log-expected.json
@@ -32,8 +32,8 @@
 "traefik.access.geoip.city_name": "Berlin",
 "traefik.access.geoip.continent_name": "Europe",
 "traefik.access.geoip.country_iso_code": "DE",
- "traefik.access.geoip.location.lat": 52.5167,
- "traefik.access.geoip.location.lon": 13.4,
+ "traefik.access.geoip.location.lat": 52.4908,
+ "traefik.access.geoip.location.lon": 13.3275,
 "traefik.access.geoip.region_iso_code": "DE-BE",
 "traefik.access.geoip.region_name": "Land Berlin",
 "traefik.access.http_version": "1.1",
From 3f975e2b7f5d049102a46ea6415e64e1df4949b9 Mon Sep 17 00:00:00 2001
From: Pier-Hugues Pellerin
Date: Mon, 5 Nov 2018 16:44:43 -0500
Subject: [PATCH 11/11] fix suricata
---
 .../module/suricata/eve/test/eve-small.log-expected.json | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json
index 38478592e975..26b7678de6bf 100644
--- a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json
+++ b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json
@@ -331,13 +331,10 @@
 },
 {
 "@timestamp": "2018-07-05T19:51:50.666Z",
- "destination.geo.city_name": "Cupertino",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
- "destination.geo.location.lat": 37.3042,
- "destination.geo.location.lon": -122.0946,
- "destination.geo.region_iso_code": "US-CA",
- "destination.geo.region_name": "California",
+ "destination.geo.location.lat": 37.751,
+ "destination.geo.location.lon": -97.822,
 "destination.ip": "17.142.164.13",
 "destination.port": 443,
 "event.type": "tls",