Improve ECS categorization field mappings for nats module
- event.kind
- event.type
- related.ip

Closes #16173
leehinman committed Apr 6, 2020
1 parent 17cbc76 commit 39cbece
Showing 3 changed files with 130 additions and 1 deletion.
3 changes: 2 additions & 1 deletion CHANGELOG.next.asciidoc
Expand Up @@ -239,7 +239,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Improve ECS categorization field mappings for mssql module. {issue}16171[16171] {pull}17376[17376]
- Added access_key_id, secret_access_key and session_token into aws module config. {pull}17456[17456]
- Add dashboard for Google Cloud Audit and AWS CloudTrail. {pull}17379[17379]
- Improve ECS categorization field mappings for mysql module. {issue}16172[16172] {pull}XXXXX[XXXXX]
- Improve ECS categorization field mappings for mysql module. {issue}16172[16172] {pull}17491[17491]
- Improve ECS categorization field mappings for nats module. {issue}16173[16173] {pull}17550[17550]

*Heartbeat*

14 changes: 14 additions & 0 deletions filebeat/module/nats/log/ingest/pipeline.yml
Expand Up @@ -161,6 +161,20 @@ processors:
- yyyy/MM/dd HH:mm:ss.SSSSSS
- remove:
field: nats.log.timestamp
- set:
field: event.kind
value: event
- append:
field: event.type
value: info
- append:
field: event.type
value: error
if: "ctx?.log?.level != null && (ctx.log.level == 'error' || ctx.log.level == 'fatal')"
- append:
field: related.ip
value: "{{client.ip}}"
if: "ctx?.client?.ip != null"
on_failure:
- set:
field: error.message
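Review bot: The first `append` to `event.type` (value `info`) has no condition, so an event whose `log.level` is `error` or `fatal` ends up with `event.type: [info, error]`, and a detection rule or filter on `event.type: info` will match error events as well. If the double value is not intended, guard the first append with `if: "ctx?.log?.level == null || (ctx.log.level != 'error' && ctx.log.level != 'fatal')"`. The error branch also appears unexercised: every `event.type` visible in test.log-expected.json is `["info"]`, so a sample line at error or fatal level would pin the behaviour. The `processors` list starts above this hunk and the `on_failure` block continues below it, so whether `log.level` is already normalised to lowercase `error`/`fatal` cannot be confirmed from here.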
114 changes: 114 additions & 0 deletions filebeat/module/nats/log/test/test.log-expected.json
Expand Up @@ -2,7 +2,11 @@
{
"@timestamp": "2019-02-06T07:19:40.624Z",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "info",
Expand All @@ -14,7 +18,11 @@
{
"@timestamp": "2019-02-06T07:19:40.624Z",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "info",
Expand All @@ -26,7 +34,11 @@
{
"@timestamp": "2019-02-06T07:19:40.624Z",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "info",
Expand All @@ -38,7 +50,11 @@
{
"@timestamp": "2019-02-06T07:19:40.624Z",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "info",
Expand All @@ -52,22 +68,33 @@
"client.ip": "172.18.0.1",
"client.port": "38630",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "debug",
"log.offset": 269,
"message": "Client connection created",
"nats.log.client.id": "1",
"process.pid": "1",
"related.ip": [
"172.18.0.1"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-06T07:20:08.510Z",
"client.ip": "172.18.0.1",
"client.port": "38630",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -77,14 +104,21 @@
"nats.log.msg.type": "connection",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"172.18.0.1"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-06T07:20:08.512Z",
"client.ip": "172.18.0.1",
"client.port": "38630",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -95,14 +129,21 @@
"nats.log.msg.type": "subscribe",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"172.18.0.1"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-06T07:20:08.512Z",
"client.ip": "172.18.0.1",
"client.port": "38630",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -111,14 +152,21 @@
"nats.log.msg.type": "ping",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"172.18.0.1"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-06T07:20:08.512Z",
"client.ip": "172.18.0.1",
"client.port": "38630",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -127,14 +175,21 @@
"nats.log.msg.type": "pong",
"network.direction": "inbound",
"process.pid": "1",
"related.ip": [
"172.18.0.1"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.717Z",
"client.ip": "50.39.246.116",
"client.port": "62388",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -146,14 +201,21 @@
"nats.log.msg.type": "publish",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"50.39.246.116"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.717Z",
"client.ip": "50.39.246.116",
"client.port": "62388",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -162,14 +224,21 @@
"nats.log.msg.type": "payload",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"50.39.246.116"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.717Z",
"client.ip": "192.168.176.11",
"client.port": "36262",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -182,14 +251,21 @@
"nats.log.msg.type": "message",
"network.direction": "inbound",
"process.pid": "1",
"related.ip": [
"192.168.176.11"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.718Z",
"client.ip": "192.168.176.11",
"client.port": "36262",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -200,14 +276,21 @@
"nats.log.msg.type": "publish",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"192.168.176.11"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.718Z",
"client.ip": "192.168.176.11",
"client.port": "36262",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -216,14 +299,21 @@
"nats.log.msg.type": "payload",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"192.168.176.11"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.718Z",
"client.ip": "50.39.246.116",
"client.port": "62388",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -235,14 +325,21 @@
"nats.log.msg.type": "message",
"network.direction": "inbound",
"process.pid": "1",
"related.ip": [
"50.39.246.116"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.717Z",
"client.ip": "50.39.246.116",
"client.port": "62388",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -253,14 +350,21 @@
"nats.log.msg.type": "publish",
"network.direction": "outbound",
"process.pid": "1",
"related.ip": [
"50.39.246.116"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-04T15:40:02.717Z",
"client.ip": "192.168.176.11",
"client.port": "36262",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -272,14 +376,21 @@
"nats.log.msg.type": "message",
"network.direction": "inbound",
"process.pid": "1",
"related.ip": [
"192.168.176.11"
],
"service.type": "nats"
},
{
"@timestamp": "2019-02-16T07:20:08.512Z",
"client.ip": "172.18.0.1",
"client.port": "38630",
"event.dataset": "nats.log",
"event.kind": "event",
"event.module": "nats",
"event.type": [
"info"
],
"fileset.name": "log",
"input.type": "log",
"log.level": "trace",
Expand All @@ -288,6 +399,9 @@
"nats.log.msg.type": "acknowledge",
"network.direction": "inbound",
"process.pid": "1",
"related.ip": [
"172.18.0.1"
],
"service.type": "nats"
}
]
