
Improve ECS categorization field mappings for mssql module.
- event.kind
- event.category
- event.type

Closes elastic#16171
leehinman committed Mar 31, 2020
1 parent 8486777 commit 020fe5e
Showing 3 changed files with 115 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
@@ -216,6 +216,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Added new module `crowdstrike` for ingesting Crowdstrike Falcon streaming API endpoint event data. {pull}16988[16988]
- Added documentation for running Filebeat in Cloud Foundry. {pull}17275[17275]
- Move azure-eventhub input to GA. {issue}15671[15671] {pull}17313[17313]
- Improve ECS categorization field mappings for mssql module. {issue}16171[16171] {pull}17376[17376]

*Heartbeat*

9 changes: 9 additions & 0 deletions x-pack/filebeat/module/mssql/log/ingest/pipeline.yml
@@ -35,6 +35,15 @@ processors:
field: msg_temp
target_field: message
ignore_missing: true
- set:
field: event.kind
value: event
- append:
field: event.category
value: database
- append:
field: event.type
value: info
on_failure:
- set:
field: error.message
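Review bot: The three new processors, from `- set: field: event.kind` through `- append: field: event.type / value: info`, run unconditionally, so every mssql log line is categorized as `database`/`info`, including any line that reports an error or a failed login; a detection rule keyed on `event.type: failure` or `event.category: authentication` would then never match events from this module. Consider gating the `event.type` append with an ingest `if:` condition on the parsed message and appending `error` or `failure` for those lines while keeping `info` as the default; the expected-output file in this commit contains only informational samples, so a failing/error line would need to be added to the test log to cover that path. The preceding rename processor and the `on_failure` handler are both cut off by the hunk; if the handler does not set `event.kind` itself, a pipeline failure leaves the event with `event.kind` unset rather than `pipeline_error`, which is what ECS uses for that case.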
105 changes: 105 additions & 0 deletions x-pack/filebeat/module/mssql/log/test/test.log-expected.json
@@ -1,9 +1,16 @@
[
{
"@timestamp": "2019-05-03T09:01:09.990-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.flags": [
@@ -17,9 +24,16 @@
},
{
"@timestamp": "2019-05-03T09:01:09.990-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 226,
@@ -30,9 +44,16 @@
},
{
"@timestamp": "2019-05-03T09:01:09.990-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 282,
@@ -43,9 +64,16 @@
},
{
"@timestamp": "2019-05-03T09:01:09.990-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 344,
@@ -56,9 +84,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.000-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 400,
@@ -69,9 +104,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.000-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 462,
@@ -82,9 +124,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.000-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.flags": [
@@ -98,9 +147,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.000-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 734,
@@ -111,9 +167,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.000-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 1011,
@@ -124,9 +187,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.000-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 1166,
@@ -137,9 +207,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.000-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 1289,
@@ -150,9 +227,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.010-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 1373,
@@ -163,9 +247,16 @@
},
{
"@timestamp": "2019-05-03T09:01:10.200-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 1435,
@@ -176,9 +267,16 @@
},
{
"@timestamp": "2019-05-03T09:01:11.930-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 1528,
@@ -189,9 +287,16 @@
},
{
"@timestamp": "2019-05-03T09:01:12.030-02:00",
"event.category": [
"database"
],
"event.dataset": "mssql.log",
"event.kind": "event",
"event.module": "mssql",
"event.timezone": "-02:00",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.offset": 1599,
