diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index db64e26d1d4a..179f2f17100b 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -231,6 +231,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add ECS categorization fields to activemq module. {issue}16151[16151] {pull}16201[16201]
 - Improve ECS field mappings in aws module. {issue}16154[16154] {pull}16307[16307]
 - Improve ECS categorization field mappings in googlecloud module. {issue}16030[16030] {pull}16500[16500]
+- Improve ECS categorization field mappings in kibana module. {issue}16168[16168] {pull}16652[16652]
 - Add `cloudfoundry` input to send events from Cloud Foundry. {pull}16586[16586]
 - Improve ECS field mappings in haproxy module. {issue}16162[16162] {pull}16529[16529]
 - Allow users to override pipeline ID in fileset input config. {issue}9531[9531] {pull}16561[16561]
diff --git a/filebeat/module/kibana/log/ingest/pipeline.json b/filebeat/module/kibana/log/ingest/pipeline.json
deleted file mode 100755
index 8e6d788ea4d5..000000000000
--- a/filebeat/module/kibana/log/ingest/pipeline.json
+++ /dev/null
@@ -1,169 +0,0 @@
-{
- "description": "Pipeline for parsing Kibana logs",
- "on_failure": [
- {
- "set": {
- "field": "error.message",
- "value": "{{ _ingest.on_failure_message }}"
- }
- }
- ],
- "processors": [
- {
- "rename": {
- "field": "@timestamp",
- "target_field": "event.created"
- }
- },
-
- {
- "rename": {
- "field": "json",
- "target_field": "kibana.log.meta"
- }
- },
- {
- "date": {
- "field": "kibana.log.meta.@timestamp",
- "formats" : ["ISO8601"],
- "target_field": "@timestamp"
- }
- },
- {
- "remove": {
- "field": "kibana.log.meta.@timestamp"
- }
- },
-
- {
- "rename": {
- "field": "kibana.log.meta.message",
- "target_field": "message"
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.state",
- "target_field": "kibana.log.state",
- "ignore_missing": true
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.pid",
- "target_field": "process.pid"
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.tags",
- "target_field": "kibana.log.tags"
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.res.statusCode",
- "target_field": "http.response.status_code",
- "ignore_missing": true
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.res.responseTime",
- "target_field": "temp.duration",
- "ignore_missing": true
- }
- },
- {
- "script": {
- "lang": "painless",
- "source": "ctx.event.duration = Math.round(ctx.temp.duration * params.scale)",
- "params": { "scale": 1000000 },
- "if": "ctx.temp?.duration != null"
- }
-
- },
- {
- "remove": {
- "field": "temp.duration",
- "ignore_missing": true
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.res.contentLength",
- "target_field": "http.response.body.bytes",
- "ignore_missing": true
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.req.method",
- "target_field": "http.request.method",
- "ignore_missing": true
- }
- },
-
- {
- "rename": {
- "field": "kibana.log.meta.req.headers.referer",
- "target_field": "http.request.referrer",
- "ignore_missing": true
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.req.headers.user-agent",
- "target_field": "user_agent.original",
- "ignore_missing": true
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.req.remoteAddress",
- "target_field": "source.address",
- "ignore_missing": true
- }
- },
- {
- "set": {
- "field": "source.ip",
- "value": "{{source.address}}",
- "if": "ctx.source?.address != null"
- }
- },
- {
- "rename": {
- "field": "kibana.log.meta.req.url",
- "target_field": "url.original",
- "ignore_missing": true
- }
- },
-
- {
- "remove": {
- "field": "kibana.log.meta.req.referer",
- "ignore_missing": true
- }
- },
- {
- "remove": {
- "field": "kibana.log.meta.statusCode",
- "ignore_missing": true
- }
- },
- {
- "remove": {
- "field": "kibana.log.meta.method",
- "ignore_missing": true
- }
- },
-
- {
- "append": {
- "field": "service.name",
- "value": "kibana"
- }
- }
- ]
-}
diff --git a/filebeat/module/kibana/log/ingest/pipeline.yml b/filebeat/module/kibana/log/ingest/pipeline.yml
new file mode 100644
index 000000000000..2e56e598b8d1
--- /dev/null
+++ b/filebeat/module/kibana/log/ingest/pipeline.yml
@@ -0,0 +1,111 @@
+description: Pipeline for parsing Kibana logs
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
+processors:
+- rename:
+ field: '@timestamp'
+ target_field: event.created
+- rename:
+ field: json
+ target_field: kibana.log.meta
+- date:
+ field: kibana.log.meta.@timestamp
+ formats:
+ - ISO8601
+ target_field: '@timestamp'
+- remove:
+ field: kibana.log.meta.@timestamp
+- rename:
+ field: kibana.log.meta.message
+ target_field: message
+- rename:
+ field: kibana.log.meta.state
+ target_field: kibana.log.state
+ ignore_missing: true
+- rename:
+ field: kibana.log.meta.pid
+ target_field: process.pid
+- rename:
+ field: kibana.log.meta.tags
+ target_field: kibana.log.tags
+- rename:
+ field: kibana.log.meta.res.statusCode
+ target_field: http.response.status_code
+ ignore_missing: true
+- rename:
+ field: kibana.log.meta.res.responseTime
+ target_field: temp.duration
+ ignore_missing: true
+- script:
+ lang: painless
+ source: ctx.event.duration = Math.round(ctx.temp.duration * params.scale)
+ params:
+ scale: 1000000
+ if: ctx.temp?.duration != null
+- remove:
+ field: temp.duration
+ ignore_missing: true
+- rename:
+ field: kibana.log.meta.res.contentLength
+ target_field: http.response.body.bytes
+ ignore_missing: true
+- rename:
+ field: kibana.log.meta.req.method
+ target_field: http.request.method
+ ignore_missing: true
+- rename:
+ field: kibana.log.meta.req.headers.referer
+ target_field: http.request.referrer
+ ignore_missing: true
+- rename:
+ field: kibana.log.meta.req.headers.user-agent
+ target_field: user_agent.original
+ ignore_missing: true
+- rename:
+ field: kibana.log.meta.req.remoteAddress
+ target_field: source.address
+ ignore_missing: true
+- set:
+ field: source.ip
+ value: '{{source.address}}'
+ if: ctx.source?.address != null
+- rename:
+ field: kibana.log.meta.req.url
+ target_field: url.original
+ ignore_missing: true
+- remove:
+ field: kibana.log.meta.req.referer
+ ignore_missing: true
+- remove:
+ field: kibana.log.meta.statusCode
+ ignore_missing: true
+- remove:
+ field: kibana.log.meta.method
+ ignore_missing: true
+- append:
+ field: service.name
+ value: kibana
+- set:
+ field: event.kind
+ value: event
+- script:
+ lang: painless
+ source: >-
+ if (ctx?.kibana?.log?.state != null) {
+ if (ctx.kibana.log.state == "red") {
+ ctx.event.type = "error";
+ } else {
+ ctx.event.type = "info";
+ }
+ }
+
+- set:
+ field: event.outcome
+ value: success
+ if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"
+- set:
+ field: event.outcome
+ value: failure
+ if: "ctx?.http?.response?.status_code != null && ctx.http.response.status_code >= 400"
diff --git a/filebeat/module/kibana/log/manifest.yml b/filebeat/module/kibana/log/manifest.yml
index b0286823a807..8df3561d0dfb 100644
--- a/filebeat/module/kibana/log/manifest.yml
+++ b/filebeat/module/kibana/log/manifest.yml
@@ -5,5 +5,5 @@ var: default: - /var/log/kibana/kibana.stdout -ingest_pipeline: ingest/pipeline.json +ingest_pipeline: ingest/pipeline.yml input: config/log.yml
diff --git a/filebeat/module/kibana/log/test/log.624.log-expected.json b/filebeat/module/kibana/log/test/log.624.log-expected.json
index 3e172e824160..0f988b9106c0 100644
--- a/filebeat/module/kibana/log/test/log.624.log-expected.json
+++ b/filebeat/module/kibana/log/test/log.624.log-expected.json
@@ -2,7 +2,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -25,7 +27,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized",
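Review bot: The categorization processors added at the end of filebeat/module/kibana/log/ingest/pipeline.yml never populate `event.category`, and `event.type` is written only when `kibana.log.state` is present, so the HTTP request events that receive `event.outcome` end up with no category or type at all (in the updated expected files they gain only `event.kind` and `event.outcome`). Queries and detection rules that select on `event.category` would therefore not match Kibana access events, including the responses of 400 and above that are now marked `failure`; one option is `- append: {field: event.category, value: web, if: "ctx?.http?.response?.status_code != null"}` placed before the two `event.outcome` processors. The fixtures visible in this diff exercise only the `info` and `success` branches, so a sample line with state `red` and one with a 4xx or 5xx status would be worth adding to cover the `error` and `failure` paths.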
@@ -48,7 +52,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -71,7 +77,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -94,7 +102,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -117,7 +127,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -140,7 +152,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -163,7 +177,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -186,7 +202,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", 
@@ -209,7 +227,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -232,7 +252,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -255,7 +277,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -278,7 +302,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -301,6 +327,7 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", @@ -320,6 +347,7 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", @@ -339,7 +367,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -362,7 +392,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", 
@@ -385,7 +417,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -408,7 +442,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -431,7 +467,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -454,7 +492,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -477,7 +517,9 @@ { "@timestamp": "2018-05-09T10:57:32.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -500,6 +542,7 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", @@ -519,7 +562,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "uninitialized", @@ -542,6 +587,7 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", 
@@ -561,7 +607,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -584,6 +632,7 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", @@ -604,7 +653,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -627,7 +678,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -650,7 +703,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -673,7 +728,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -696,7 +753,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", 
@@ -719,7 +778,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -742,7 +803,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -765,7 +828,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -788,7 +853,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -811,7 +878,9 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", + "event.type": "info", "fileset.name": "log", "input.type": "log", "kibana.log.meta.prevMsg": "Waiting for Elasticsearch", @@ -834,6 +903,7 @@ { "@timestamp": "2018-05-09T10:57:34.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", @@ -854,6 +924,7 @@ { "@timestamp": "2018-05-09T10:57:35.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", 
@@ -875,7 +946,9 @@ "@timestamp": "2018-05-09T10:57:51.000Z", "event.dataset": "kibana.log", "event.duration": 68000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.response.body.bytes": 9, @@ -906,7 +979,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 224000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/", @@ -938,7 +1013,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 43000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -970,7 +1047,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 30000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1002,7 +1081,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 32000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1035,7 +1116,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 75000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", 
@@ -1067,7 +1150,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 54000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1099,7 +1184,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 13000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1132,7 +1219,9 @@ "@timestamp": "2018-05-09T10:57:52.000Z", "event.dataset": "kibana.log", "event.duration": 131000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1164,7 +1253,9 @@ "@timestamp": "2018-05-09T10:57:53.000Z", "event.dataset": "kibana.log", "event.duration": 25000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1196,7 +1287,9 @@ "@timestamp": "2018-05-09T10:57:53.000Z", "event.dataset": "kibana.log", "event.duration": 18000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1228,7 +1321,9 @@ "@timestamp": "2018-05-09T10:57:54.000Z", "event.dataset": "kibana.log", "event.duration": 5000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", 
@@ -1262,7 +1357,9 @@ "@timestamp": "2018-05-09T10:57:54.000Z", "event.dataset": "kibana.log", "event.duration": 181000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1295,7 +1392,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 10000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1328,7 +1427,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 13000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1361,7 +1462,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 19000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1394,7 +1497,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 27000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1427,7 +1532,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 28000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", 
@@ -1460,7 +1567,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 24000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1493,7 +1602,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 26000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1526,7 +1637,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 22000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1559,7 +1672,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 22000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1592,7 +1707,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 17000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1625,7 +1742,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 15000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", 
@@ -1658,7 +1777,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 129000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1690,7 +1811,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 5000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/bundles/commons.style.css", @@ -1723,7 +1846,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 3000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1756,7 +1881,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 5000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1788,7 +1915,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 15000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1821,7 +1950,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 17000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", 
@@ -1854,7 +1985,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 20000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1887,7 +2020,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 23000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1920,7 +2055,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 26000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1953,7 +2090,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 28000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -1986,7 +2125,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 4000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2019,7 +2160,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 7000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", 
@@ -2052,7 +2195,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 7000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2085,7 +2230,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 30000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2118,7 +2265,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 20000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2152,7 +2301,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 21000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2185,7 +2336,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 26000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2219,7 +2372,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 34000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", 
@@ -2252,7 +2407,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 44000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2285,7 +2442,9 @@ "@timestamp": "2018-05-09T10:57:55.000Z", "event.dataset": "kibana.log", "event.duration": 14000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", @@ -2318,7 +2477,9 @@ "@timestamp": "2018-05-09T10:57:56.000Z", "event.dataset": "kibana.log", "event.duration": 5000000, + "event.kind": "event", "event.module": "kibana", + "event.outcome": "success", "fileset.name": "log", "http.request.method": "get", "http.request.referrer": "http://localhost:5601/app/kibana", diff --git a/filebeat/module/kibana/log/test/log.verbose.624.log-expected.json b/filebeat/module/kibana/log/test/log.verbose.624.log-expected.json index 645ff0602948..e8cecf6d140a 100644 --- a/filebeat/module/kibana/log/test/log.verbose.624.log-expected.json +++ b/filebeat/module/kibana/log/test/log.verbose.624.log-expected.json @@ -2,6 +2,7 @@ { "@timestamp": "2018-05-09T10:58:59.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", @@ -22,6 +23,7 @@ { "@timestamp": "2018-05-09T10:58:59.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", @@ -55,6 +57,7 @@ { "@timestamp": "2018-05-09T10:58:59.000Z", "event.dataset": "kibana.log", + "event.kind": "event", "event.module": "kibana", "fileset.name": "log", "input.type": "log", 
@@ -75,6 +78,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -95,6 +99,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -115,6 +120,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -135,6 +141,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -155,6 +162,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -175,6 +183,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -195,6 +204,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -215,6 +225,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -235,6 +246,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -255,6 +267,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -275,6 +288,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -295,6 +309,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -315,6 +330,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -335,6 +351,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -355,6 +372,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -375,6 +393,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -395,6 +414,7 @@
 {
 "@timestamp": "2018-05-09T10:58:59.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -415,6 +435,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -434,6 +455,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -456,7 +478,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -479,6 +503,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -500,7 +525,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -523,7 +550,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -546,7 +575,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -569,7 +600,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -592,6 +625,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -613,7 +647,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -636,7 +672,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -659,7 +697,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -682,7 +722,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -705,6 +747,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -726,6 +769,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -747,6 +791,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -768,6 +813,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -789,6 +835,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -810,6 +857,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -831,6 +879,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -853,6 +902,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -874,6 +924,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -895,6 +946,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -916,6 +968,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -937,6 +990,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -959,7 +1013,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -982,7 +1038,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1005,7 +1063,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1028,7 +1088,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1051,6 +1113,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1070,6 +1133,7 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1089,7 +1153,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1112,7 +1178,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1135,7 +1203,9 @@
 {
 "@timestamp": "2018-05-09T10:59:00.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1158,7 +1228,9 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1181,6 +1253,7 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1206,7 +1279,9 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1229,7 +1304,9 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1252,6 +1329,7 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1274,7 +1352,9 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1297,6 +1377,7 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1319,6 +1400,7 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1339,6 +1421,7 @@
 {
 "@timestamp": "2018-05-09T10:59:01.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1359,6 +1442,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1378,6 +1462,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1397,7 +1482,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "uninitialized",
@@ -1420,6 +1507,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1439,6 +1527,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1458,6 +1547,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1478,6 +1568,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1499,6 +1590,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1519,6 +1611,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1540,6 +1633,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1560,6 +1654,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1579,6 +1674,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1598,7 +1694,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1621,6 +1719,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1641,6 +1740,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1661,6 +1761,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1680,7 +1781,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1703,7 +1806,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1726,7 +1831,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1749,7 +1856,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1772,7 +1881,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1795,7 +1906,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1818,7 +1931,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1841,7 +1956,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1864,7 +1981,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1887,7 +2006,9 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.type": "info",
 "fileset.name": "log",
 "input.type": "log",
 "kibana.log.meta.prevMsg": "Waiting for Elasticsearch",
@@ -1910,6 +2031,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1930,6 +2052,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1950,6 +2073,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1970,6 +2094,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -1990,6 +2115,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -2010,6 +2136,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -2030,6 +2157,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -2050,6 +2178,7 @@
 {
 "@timestamp": "2018-05-09T10:59:02.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -2070,6 +2199,7 @@
 {
 "@timestamp": "2018-05-09T10:59:04.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -2104,6 +2234,7 @@
 {
 "@timestamp": "2018-05-09T10:59:04.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -2124,6 +2255,7 @@
 {
 "@timestamp": "2018-05-09T10:59:04.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
diff --git a/filebeat/module/kibana/log/test/test.log-expected.json b/filebeat/module/kibana/log/test/test.log-expected.json
index c298c71d876a..1fe93f5c75b4 100644
--- a/filebeat/module/kibana/log/test/test.log-expected.json
+++ b/filebeat/module/kibana/log/test/test.log-expected.json
@@ -3,7 +3,9 @@
 "@timestamp": "2018-05-09T10:57:55.000Z",
 "event.dataset": "kibana.log",
 "event.duration": 26000000,
+ "event.kind": "event",
 "event.module": "kibana",
+ "event.outcome": "success",
 "fileset.name": "log",
 "http.request.method": "get",
 "http.request.referrer": "http://localhost:5601/app/kibana",
@@ -36,6 +38,7 @@
 {
 "@timestamp": "2018-05-09T10:59:12.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",
@@ -56,6 +59,7 @@
 {
 "@timestamp": "2018-05-09T10:59:12.000Z",
 "event.dataset": "kibana.log",
+ "event.kind": "event",
 "event.module": "kibana",
 "fileset.name": "log",
 "input.type": "log",