From 3df5db4f6360a88930d5569451f10e57caa35d59 Mon Sep 17 00:00:00 2001 
From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Tue, 5 May 2020 08:40:51 -0500 Subject: [PATCH] Explicitly set ECS version (#18209) Explicitly set the ecs version field in filesets that have been upgraded to ECS 1.5. Specifically: - activemq - apache - auditd - aws - cef - elasticsearch - googlecloud - haproxy - ibmmq - icinga - iis - iptables - kafka - kibana - logstash - misp - mongodb - mssql - mysql - nats - netflow - nginx - panw - postgresql - rabbitmq - redis - santa - suricata - system - zeek --- filebeat/module/apache/access/config/access.yml | 5 +++++ filebeat/module/apache/error/config/error.yml | 6 +++++- filebeat/module/auditd/log/config/log.yml | 5 +++++ filebeat/module/elasticsearch/audit/config/audit.yml | 6 +++++- filebeat/module/elasticsearch/deprecation/config/log.yml | 4 ++++ filebeat/module/elasticsearch/gc/config/gc.yml | 5 +++++ filebeat/module/elasticsearch/server/config/log.yml | 4 ++++ filebeat/module/elasticsearch/slowlog/config/slowlog.yml | 4 ++++ filebeat/module/haproxy/log/config/file.yml | 6 +++++- filebeat/module/haproxy/log/config/syslog.yml | 6 +++++- filebeat/module/icinga/debug/config/debug.yml | 5 +++++ filebeat/module/icinga/main/config/main.yml | 5 +++++ filebeat/module/icinga/startup/config/startup.yml | 5 +++++ filebeat/module/iis/access/config/iis-access.yml | 5 +++++ filebeat/module/iis/error/config/iis-error.yml | 5 +++++ filebeat/module/kafka/log/config/log.yml | 6 +++++- filebeat/module/kibana/log/config/log.yml | 5 +++++ filebeat/module/logstash/log/config/log.yml | 4 ++++ filebeat/module/logstash/slowlog/config/slowlog.yml | 4 ++++ filebeat/module/mongodb/log/config/log.yml | 5 +++++ filebeat/module/mysql/error/config/error.yml | 6 +++++- filebeat/module/mysql/slowlog/config/slowlog.yml | 5 +++++ filebeat/module/nats/log/config/log.yml | 5 +++++ filebeat/module/nginx/access/config/nginx-access.yml | 6 +++++- filebeat/module/nginx/error/config/nginx-error.yml | 6 +++++- 
.../nginx/ingress_controller/config/ingress_controller.yml | 4 ++++ filebeat/module/postgresql/log/config/log.yml | 5 +++++ filebeat/module/redis/log/config/log.yml | 5 +++++ filebeat/module/santa/log/config/file.yml | 5 +++++ filebeat/module/system/auth/config/auth.yml | 6 +++++- filebeat/module/system/syslog/config/syslog.yml | 6 +++++- x-pack/filebeat/module/activemq/audit/config/audit.yml | 6 ++++++ x-pack/filebeat/module/activemq/log/config/log.yml | 4 ++++ x-pack/filebeat/module/aws/cloudtrail/config/file.yml | 5 +++++ x-pack/filebeat/module/aws/cloudtrail/config/s3.yml | 6 ++++++ x-pack/filebeat/module/aws/cloudwatch/config/file.yml | 5 +++++ x-pack/filebeat/module/aws/cloudwatch/config/s3.yml | 6 ++++++ x-pack/filebeat/module/aws/ec2/config/file.yml | 5 +++++ x-pack/filebeat/module/aws/ec2/config/s3.yml | 6 ++++++ x-pack/filebeat/module/aws/elb/config/file.yml | 5 +++++ x-pack/filebeat/module/aws/elb/config/s3.yml | 6 ++++++ x-pack/filebeat/module/aws/s3access/config/file.yml | 6 ++++++ x-pack/filebeat/module/aws/s3access/config/s3.yml | 6 ++++++ x-pack/filebeat/module/aws/vpcflow/config/input.yml | 5 +++++ x-pack/filebeat/module/cef/log/config/input.yml | 4 ++++ x-pack/filebeat/module/googlecloud/audit/config/input.yml | 4 ++++ .../filebeat/module/googlecloud/firewall/config/input.yml | 4 ++++ x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml | 4 ++++ x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml | 5 +++++ x-pack/filebeat/module/iptables/log/config/input.yml | 4 ++++ x-pack/filebeat/module/misp/threat/config/input.yml | 4 ++++ x-pack/filebeat/module/mssql/log/config/config.yml | 6 +++++- x-pack/filebeat/module/netflow/log/config/netflow.yml | 6 ++++++ x-pack/filebeat/module/o365/audit/config/input.yml | 5 ++++- x-pack/filebeat/module/okta/system/config/input.yml | 4 ++++ x-pack/filebeat/module/panw/panos/config/input.yml | 4 ++++ x-pack/filebeat/module/rabbitmq/log/config/log.yml | 4 ++++ 
x-pack/filebeat/module/suricata/eve/config/eve.yml | 4 ++++ .../module/zeek/capture_loss/config/capture_loss.yml | 4 ++++ .../filebeat/module/zeek/connection/config/connection.yml | 4 ++++ x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml | 4 ++++ x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml | 4 ++++ x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml | 4 ++++ x-pack/filebeat/module/zeek/dns/config/dns.yml | 4 ++++ x-pack/filebeat/module/zeek/dpd/config/dpd.yml | 4 ++++ x-pack/filebeat/module/zeek/files/config/files.yml | 4 ++++ x-pack/filebeat/module/zeek/ftp/config/ftp.yml | 4 ++++ x-pack/filebeat/module/zeek/http/config/http.yml | 4 ++++ x-pack/filebeat/module/zeek/intel/config/intel.yml | 4 ++++ x-pack/filebeat/module/zeek/irc/config/irc.yml | 4 ++++ x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml | 4 ++++ x-pack/filebeat/module/zeek/modbus/config/modbus.yml | 4 ++++ x-pack/filebeat/module/zeek/mysql/config/mysql.yml | 4 ++++ x-pack/filebeat/module/zeek/notice/config/notice.yml | 4 ++++ x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml | 4 ++++ x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml | 4 ++++ x-pack/filebeat/module/zeek/pe/config/pe.yml | 4 ++++ x-pack/filebeat/module/zeek/radius/config/radius.yml | 4 ++++ x-pack/filebeat/module/zeek/rdp/config/rdp.yml | 4 ++++ x-pack/filebeat/module/zeek/rfb/config/rfb.yml | 4 ++++ x-pack/filebeat/module/zeek/sip/config/sip.yml | 4 ++++ x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml | 4 ++++ x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml | 4 ++++ .../filebeat/module/zeek/smb_mapping/config/smb_mapping.yml | 4 ++++ x-pack/filebeat/module/zeek/smtp/config/smtp.yml | 4 ++++ x-pack/filebeat/module/zeek/snmp/config/snmp.yml | 4 ++++ x-pack/filebeat/module/zeek/socks/config/socks.yml | 4 ++++ x-pack/filebeat/module/zeek/ssh/config/ssh.yml | 4 ++++ x-pack/filebeat/module/zeek/ssl/config/ssl.yml | 4 ++++ x-pack/filebeat/module/zeek/stats/config/stats.yml | 4 ++++ 
x-pack/filebeat/module/zeek/syslog/config/syslog.yml | 4 ++++ .../filebeat/module/zeek/traceroute/config/traceroute.yml | 4 ++++ x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml | 4 ++++ x-pack/filebeat/module/zeek/weird/config/weird.yml | 4 ++++ x-pack/filebeat/module/zeek/x509/config/x509.yml | 4 ++++ 95 files changed, 428 insertions(+), 12 deletions(-) diff --git a/filebeat/module/apache/access/config/access.yml b/filebeat/module/apache/access/config/access.yml index 0afd17317d4..183de629867 100644 --- a/filebeat/module/apache/access/config/access.yml +++ b/filebeat/module/apache/access/config/access.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/apache/error/config/error.yml b/filebeat/module/apache/error/config/error.yml index d96242ac040..7aa0cdb7cf8 100644 --- a/filebeat/module/apache/error/config/error.yml +++ b/filebeat/module/apache/error/config/error.yml @@ -6,4 +6,8 @@ paths: exclude_files: [".gz$"] processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/auditd/log/config/log.yml b/filebeat/module/auditd/log/config/log.yml index 0afd17317d4..183de629867 100644 --- a/filebeat/module/auditd/log/config/log.yml +++ b/filebeat/module/auditd/log/config/log.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/elasticsearch/audit/config/audit.yml b/filebeat/module/elasticsearch/audit/config/audit.yml index d96242ac040..7aa0cdb7cf8 100644 --- a/filebeat/module/elasticsearch/audit/config/audit.yml +++ b/filebeat/module/elasticsearch/audit/config/audit.yml @@ -6,4 +6,8 @@ paths: exclude_files: [".gz$"] processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
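Review bot: The added `ecs.version: 1.5.0` in filebeat/module/apache/access/config/access.yml is a plain scalar, while `target: ''` two lines above it is quoted. A three-part version still loads as a string, but a later bump to a two-part value such as `1.6` may be typed as a float, so I would write `ecs.version: '1.5.0'`. The same five added lines recur in every fileset hunk of this patch, so the quoting applies to all of them. Because consumers that key on `ecs.version` (dashboards, detection rules) trust it to describe the event's field layout, a one-line comment such as `# keep in step with the ECS version this fileset's pipeline targets` above the processor would help whoever upgrades a fileset later.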
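Review bot: The hunk for filebeat/module/apache/error/config/error.yml re-indents the existing `- add_locale: ~` item under `processors:`, whereas the elasticsearch deprecation/server/slowlog and logstash log/slowlog hunks append `- add_fields:` flush with `processors:`. As far as the collapsed whitespace shows, the patch therefore leaves two sequence-indentation styles across the module configs. Both parse the same, but appending `- add_fields:` at the column of the existing item would keep these hunks purely additive and avoid rewriting the `add_locale` line. The same re-indent appears in the elasticsearch/audit, haproxy, kafka, mysql/error, nginx, system and mssql hunks.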
diff --git a/filebeat/module/elasticsearch/deprecation/config/log.yml b/filebeat/module/elasticsearch/deprecation/config/log.yml index 292a917e767..f6c37b9e426 100644 --- a/filebeat/module/elasticsearch/deprecation/config/log.yml +++ b/filebeat/module/elasticsearch/deprecation/config/log.yml @@ -12,3 +12,7 @@ multiline: processors: # Locale for time zone is only needed in non-json logs - add_locale.when.not.regexp.message: "^{" +- add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/elasticsearch/gc/config/gc.yml b/filebeat/module/elasticsearch/gc/config/gc.yml index ae6d4271cc3..5f62e00c54c 100644 --- a/filebeat/module/elasticsearch/gc/config/gc.yml +++ b/filebeat/module/elasticsearch/gc/config/gc.yml @@ -9,3 +9,8 @@ multiline: pattern: '^(\[?[0-9]{4}-[0-9]{2}-[0-9]{2}|{)' negate: true match: after +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/elasticsearch/server/config/log.yml b/filebeat/module/elasticsearch/server/config/log.yml index 98be6d7adb6..b0b9e3f55d0 100644 --- a/filebeat/module/elasticsearch/server/config/log.yml +++ b/filebeat/module/elasticsearch/server/config/log.yml @@ -12,3 +12,7 @@ multiline: processors: # Locale for time zone is only needed in non-json logs - add_locale.when.not.regexp.message: "^{" +- add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml index 03c14625b28..2d98286de6d 100644 --- a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml +++ b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml @@ -13,3 +13,7 @@ multiline: processors: # Locale for time zone is only needed in non-json logs - add_locale.when.not.regexp.message: "^{" +- add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/filebeat/module/haproxy/log/config/file.yml b/filebeat/module/haproxy/log/config/file.yml index c904ffe5182..c3e104f56d4 100644 --- a/filebeat/module/haproxy/log/config/file.yml +++ b/filebeat/module/haproxy/log/config/file.yml @@ -5,4 +5,8 @@ paths: {{ end }} exclude_files: [".gz$"] processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/haproxy/log/config/syslog.yml b/filebeat/module/haproxy/log/config/syslog.yml index 36e2b1351ee..6fa56f8fe3c 100644 --- a/filebeat/module/haproxy/log/config/syslog.yml +++ b/filebeat/module/haproxy/log/config/syslog.yml @@ -2,4 +2,8 @@ type: syslog protocol.udp: host: "{{.syslog_host}}:{{.syslog_port}}" processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/icinga/debug/config/debug.yml b/filebeat/module/icinga/debug/config/debug.yml index 98c684ef52f..33c47850878 100644 --- a/filebeat/module/icinga/debug/config/debug.yml +++ b/filebeat/module/icinga/debug/config/debug.yml @@ -8,3 +8,8 @@ multiline: pattern: '^\[' negate: true match: after +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/icinga/main/config/main.yml b/filebeat/module/icinga/main/config/main.yml index 98c684ef52f..33c47850878 100644 --- a/filebeat/module/icinga/main/config/main.yml +++ b/filebeat/module/icinga/main/config/main.yml @@ -8,3 +8,8 @@ multiline: pattern: '^\[' negate: true match: after +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/icinga/startup/config/startup.yml b/filebeat/module/icinga/startup/config/startup.yml index a86ec3f1f31..a69343bd796 100644 --- a/filebeat/module/icinga/startup/config/startup.yml +++ b/filebeat/module/icinga/startup/config/startup.yml 
@@ -8,3 +8,8 @@ multiline: pattern: '^[a-z]*\/[a-zA-Z]*:' negate: true match: after +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/iis/access/config/iis-access.yml b/filebeat/module/iis/access/config/iis-access.yml index 92f8c3b9839..b4797039397 100644 --- a/filebeat/module/iis/access/config/iis-access.yml +++ b/filebeat/module/iis/access/config/iis-access.yml @@ -5,3 +5,8 @@ paths: {{ end }} exclude_files: [".gz$"] exclude_lines: ["^#"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/iis/error/config/iis-error.yml b/filebeat/module/iis/error/config/iis-error.yml index 92f8c3b9839..b4797039397 100644 --- a/filebeat/module/iis/error/config/iis-error.yml +++ b/filebeat/module/iis/error/config/iis-error.yml @@ -5,3 +5,8 @@ paths: {{ end }} exclude_files: [".gz$"] exclude_lines: ["^#"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/kafka/log/config/log.yml b/filebeat/module/kafka/log/config/log.yml index fc64b9097c7..a745c79562c 100644 --- a/filebeat/module/kafka/log/config/log.yml +++ b/filebeat/module/kafka/log/config/log.yml @@ -9,4 +9,8 @@ multiline: negate: true match: after processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/kibana/log/config/log.yml b/filebeat/module/kibana/log/config/log.yml index 2f89dcfea41..1ad204c62fe 100644 --- a/filebeat/module/kibana/log/config/log.yml +++ b/filebeat/module/kibana/log/config/log.yml @@ -7,3 +7,8 @@ exclude_files: [".gz$"] json.keys_under_root: false json.add_error_key: true +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/logstash/log/config/log.yml b/filebeat/module/logstash/log/config/log.yml index c32b22b82d5..27140697f77 100644 --- a/filebeat/module/logstash/log/config/log.yml 
+++ b/filebeat/module/logstash/log/config/log.yml @@ -15,3 +15,7 @@ multiline: processors: # Locale for time zone is only needed in non-json logs - add_locale.when.not.regexp.message: "^{" +- add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/logstash/slowlog/config/slowlog.yml b/filebeat/module/logstash/slowlog/config/slowlog.yml index 270ba255609..080a2c4310d 100644 --- a/filebeat/module/logstash/slowlog/config/slowlog.yml +++ b/filebeat/module/logstash/slowlog/config/slowlog.yml @@ -8,3 +8,7 @@ exclude_files: [".gz$"] processors: # Locale for time zone is only needed in non-json logs - add_locale.when.not.regexp.message: "^{" +- add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/mongodb/log/config/log.yml b/filebeat/module/mongodb/log/config/log.yml index 0afd17317d4..183de629867 100644 --- a/filebeat/module/mongodb/log/config/log.yml +++ b/filebeat/module/mongodb/log/config/log.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/mysql/error/config/error.yml b/filebeat/module/mysql/error/config/error.yml index 6fbeec1bb2e..818cbab297d 100644 --- a/filebeat/module/mysql/error/config/error.yml +++ b/filebeat/module/mysql/error/config/error.yml @@ -12,4 +12,8 @@ multiline: match: after processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/mysql/slowlog/config/slowlog.yml b/filebeat/module/mysql/slowlog/config/slowlog.yml index d8ffab0552c..7b1a3bc28fd 100644 --- a/filebeat/module/mysql/slowlog/config/slowlog.yml +++ b/filebeat/module/mysql/slowlog/config/slowlog.yml @@ -9,3 +9,8 @@ multiline: negate: true match: after exclude_lines: ['^[\/\w\.]+, Version: .* started with:.*', '^# Time:.*'] # Exclude the header and time +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/filebeat/module/nats/log/config/log.yml b/filebeat/module/nats/log/config/log.yml index 0afd17317d4..183de629867 100644 --- a/filebeat/module/nats/log/config/log.yml +++ b/filebeat/module/nats/log/config/log.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/nginx/access/config/nginx-access.yml b/filebeat/module/nginx/access/config/nginx-access.yml index d96242ac040..7aa0cdb7cf8 100644 --- a/filebeat/module/nginx/access/config/nginx-access.yml +++ b/filebeat/module/nginx/access/config/nginx-access.yml @@ -6,4 +6,8 @@ paths: exclude_files: [".gz$"] processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/nginx/error/config/nginx-error.yml b/filebeat/module/nginx/error/config/nginx-error.yml index 76f0addec67..797c45f6c38 100644 --- a/filebeat/module/nginx/error/config/nginx-error.yml +++ b/filebeat/module/nginx/error/config/nginx-error.yml @@ -10,4 +10,8 @@ multiline: match: after processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml index 63db16170d4..7aa0cdb7cf8 100644 --- a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml +++ b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml @@ -7,3 +7,7 @@ exclude_files: [".gz$"] processors: - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/postgresql/log/config/log.yml b/filebeat/module/postgresql/log/config/log.yml index 3007531f7f4..f69d3e4d387 100644 --- a/filebeat/module/postgresql/log/config/log.yml +++ b/filebeat/module/postgresql/log/config/log.yml 
@@ -8,3 +8,8 @@ multiline: pattern: '^\d{4}-\d{2}-\d{2} ' negate: true match: after +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/redis/log/config/log.yml b/filebeat/module/redis/log/config/log.yml index df10471c8d7..9d6cae46b38 100644 --- a/filebeat/module/redis/log/config/log.yml +++ b/filebeat/module/redis/log/config/log.yml @@ -5,3 +5,8 @@ paths: {{ end }} exclude_files: [".gz$"] exclude_lines: ["^\\s+[\\-`('.|_]"] # drop asciiart lines\n +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/santa/log/config/file.yml b/filebeat/module/santa/log/config/file.yml index 0afd17317d4..183de629867 100644 --- a/filebeat/module/santa/log/config/file.yml +++ b/filebeat/module/santa/log/config/file.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index c691d47a356..3cdbd459e68 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -8,4 +8,8 @@ multiline: pattern: "^\\s" match: after processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index c691d47a356..3cdbd459e68 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -8,4 +8,8 @@ multiline: pattern: "^\\s" match: after processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/activemq/audit/config/audit.yml b/x-pack/filebeat/module/activemq/audit/config/audit.yml index 0afd17317d4..3e0ec415541 100644 --- a/x-pack/filebeat/module/activemq/audit/config/audit.yml 
+++ b/x-pack/filebeat/module/activemq/audit/config/audit.yml @@ -4,3 +4,9 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/activemq/log/config/log.yml b/x-pack/filebeat/module/activemq/log/config/log.yml index 3171a513a0e..17f6bd869f2 100644 --- a/x-pack/filebeat/module/activemq/log/config/log.yml +++ b/x-pack/filebeat/module/activemq/log/config/log.yml @@ -10,3 +10,7 @@ multiline: match: after processors: - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml index 8bfbcc9f802..009b03388f7 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/s3.yml b/x-pack/filebeat/module/aws/cloudtrail/config/s3.yml index f587cb26d85..4ab358804c9 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/s3.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/s3.yml @@ -37,3 +37,9 @@ session_token: {{ .session_token }} {{ if .role_arn }} role_arn: {{ .role_arn }} {{ end }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml index 8bfbcc9f802..009b03388f7 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/s3.yml b/x-pack/filebeat/module/aws/cloudwatch/config/s3.yml index 44d98fd8c1a..75d02f1cbbb 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/s3.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/s3.yml @@ -36,3 +36,9 @@ session_token: {{ .session_token }} {{ if .role_arn }} role_arn: {{ .role_arn }} {{ end }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/file.yml b/x-pack/filebeat/module/aws/ec2/config/file.yml index 8bfbcc9f802..009b03388f7 100644 --- a/x-pack/filebeat/module/aws/ec2/config/file.yml +++ b/x-pack/filebeat/module/aws/ec2/config/file.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/s3.yml b/x-pack/filebeat/module/aws/ec2/config/s3.yml index 44d98fd8c1a..75d02f1cbbb 100644 --- a/x-pack/filebeat/module/aws/ec2/config/s3.yml +++ b/x-pack/filebeat/module/aws/ec2/config/s3.yml @@ -36,3 +36,9 @@ session_token: {{ .session_token }} {{ if .role_arn }} role_arn: {{ .role_arn }} {{ end }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/elb/config/file.yml b/x-pack/filebeat/module/aws/elb/config/file.yml index 8e366e70c17..9628dd63bad 100644 --- a/x-pack/filebeat/module/aws/elb/config/file.yml +++ b/x-pack/filebeat/module/aws/elb/config/file.yml @@ -4,3 +4,8 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/elb/config/s3.yml b/x-pack/filebeat/module/aws/elb/config/s3.yml index 44d98fd8c1a..75d02f1cbbb 100644 --- a/x-pack/filebeat/module/aws/elb/config/s3.yml +++ b/x-pack/filebeat/module/aws/elb/config/s3.yml 
@@ -36,3 +36,9 @@ session_token: {{ .session_token }} {{ if .role_arn }} role_arn: {{ .role_arn }} {{ end }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/s3access/config/file.yml b/x-pack/filebeat/module/aws/s3access/config/file.yml index 8e366e70c17..52fc73f363d 100644 --- a/x-pack/filebeat/module/aws/s3access/config/file.yml +++ b/x-pack/filebeat/module/aws/s3access/config/file.yml @@ -4,3 +4,9 @@ paths: - {{$path}} {{ end }} exclude_files: [".gz$"] + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/s3access/config/s3.yml b/x-pack/filebeat/module/aws/s3access/config/s3.yml index 44d98fd8c1a..75d02f1cbbb 100644 --- a/x-pack/filebeat/module/aws/s3access/config/s3.yml +++ b/x-pack/filebeat/module/aws/s3access/config/s3.yml @@ -36,3 +36,9 @@ session_token: {{ .session_token }} {{ if .role_arn }} role_arn: {{ .role_arn }} {{ end }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/aws/vpcflow/config/input.yml b/x-pack/filebeat/module/aws/vpcflow/config/input.yml index f79430783f5..82d4d2dec23 100644 --- a/x-pack/filebeat/module/aws/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/aws/vpcflow/config/input.yml @@ -167,3 +167,8 @@ processors: - add_fields: target: network fields: {transport: udp} + + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/cef/log/config/input.yml b/x-pack/filebeat/module/cef/log/config/input.yml index 91439736fab..cf5bde45c89 100644 --- a/x-pack/filebeat/module/cef/log/config/input.yml +++ b/x-pack/filebeat/module/cef/log/config/input.yml @@ -24,3 +24,7 @@ processors: - decode_cef: field: event.original - community_id: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/x-pack/filebeat/module/googlecloud/audit/config/input.yml b/x-pack/filebeat/module/googlecloud/audit/config/input.yml index 3cc0edf9f1c..04c746177f8 100644 --- a/x-pack/filebeat/module/googlecloud/audit/config/input.yml +++ b/x-pack/filebeat/module/googlecloud/audit/config/input.yml @@ -29,3 +29,7 @@ processors: file: ${path.home}/module/googlecloud/audit/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml b/x-pack/filebeat/module/googlecloud/firewall/config/input.yml index 377223630e8..779e7a0bff1 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml +++ b/x-pack/filebeat/module/googlecloud/firewall/config/input.yml @@ -30,3 +30,7 @@ processors: debug: {{ .debug }} keep_original_message: {{ .keep_original_message }} file: ${path.home}/module/googlecloud/firewall/config/pipeline.js + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml b/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml index 3de9c7dd28f..010ec42bc35 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml @@ -29,3 +29,7 @@ processors: file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml index 1e230b93c9e..2130bb419d2 100644 --- a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml +++ b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml 
@@ -8,3 +8,8 @@ multiline: pattern: "^[\\-]{5}.*[\\-]{10,}$" negate: true match: after +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/iptables/log/config/input.yml b/x-pack/filebeat/module/iptables/log/config/input.yml index c1008a7fcc8..02488b0e1ce 100644 --- a/x-pack/filebeat/module/iptables/log/config/input.yml +++ b/x-pack/filebeat/module/iptables/log/config/input.yml @@ -51,3 +51,7 @@ processors: icmp_type: iptables.icmp.type icmp_code: iptables.icmp.code {{ end}} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/misp/threat/config/input.yml b/x-pack/filebeat/module/misp/threat/config/input.yml index ca06ddcd002..3ff985b07f3 100644 --- a/x-pack/filebeat/module/misp/threat/config/input.yml +++ b/x-pack/filebeat/module/misp/threat/config/input.yml @@ -34,3 +34,7 @@ processors: - UNIX - drop_fields: fields: [json] + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/mssql/log/config/config.yml b/x-pack/filebeat/module/mssql/log/config/config.yml index 5e2e11c6a34..31990fb32c3 100644 --- a/x-pack/filebeat/module/mssql/log/config/config.yml +++ b/x-pack/filebeat/module/mssql/log/config/config.yml @@ -10,4 +10,8 @@ multiline.negate: true multiline.match: after processors: -- add_locale: ~ + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/netflow/log/config/netflow.yml b/x-pack/filebeat/module/netflow/log/config/netflow.yml index 460bd498a34..194a9020c73 100644 --- a/x-pack/filebeat/module/netflow/log/config/netflow.yml +++ b/x-pack/filebeat/module/netflow/log/config/netflow.yml @@ -23,3 +23,9 @@ custom_definitions: {{ if .detect_sequence_reset}} detect_sequence_reset: {{.detect_sequence_reset}} {{end}} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/x-pack/filebeat/module/o365/audit/config/input.yml b/x-pack/filebeat/module/o365/audit/config/input.yml index 93fe560ddc5..71e9c9c59f3 100644 --- a/x-pack/filebeat/module/o365/audit/config/input.yml +++ b/x-pack/filebeat/module/o365/audit/config/input.yml @@ -59,4 +59,7 @@ processors: - id: "{{ .id }}" name: "{{ .name }}" {{ end }} - + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/okta/system/config/input.yml b/x-pack/filebeat/module/okta/system/config/input.yml index 3d64581b838..79181de3c56 100644 --- a/x-pack/filebeat/module/okta/system/config/input.yml +++ b/x-pack/filebeat/module/okta/system/config/input.yml @@ -33,3 +33,7 @@ processors: file: ${path.home}/module/okta/system/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml index 929237b99af..01c83a6f789 100644 --- a/x-pack/filebeat/module/panw/panos/config/input.yml +++ b/x-pack/filebeat/module/panw/panos/config/input.yml @@ -166,3 +166,7 @@ processors: - {from: destination.nat.ip, to: panw.panos.destination.nat.ip, type: ip} - {from: source.nat.port, to: panw.panos.source.nat.port, type: long} - {from: destination.nat.port, to: panw.panos.destination.nat.port, type: long} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/rabbitmq/log/config/log.yml b/x-pack/filebeat/module/rabbitmq/log/config/log.yml index c584a841aa3..bc46f2458c8 100644 --- a/x-pack/filebeat/module/rabbitmq/log/config/log.yml +++ b/x-pack/filebeat/module/rabbitmq/log/config/log.yml @@ -15,3 +15,7 @@ multiline: processors: - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/x-pack/filebeat/module/suricata/eve/config/eve.yml b/x-pack/filebeat/module/suricata/eve/config/eve.yml index 780a68083bf..67ebcf13d4b 100644 --- a/x-pack/filebeat/module/suricata/eve/config/eve.yml +++ b/x-pack/filebeat/module/suricata/eve/config/eve.yml @@ -403,3 +403,7 @@ processors: - suricata.eve.dns.version - suricata.eve.dns.flags - suricata.eve.dns.grouped + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml index 7e1f631776f..474e4d94ffa 100644 --- a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml +++ b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml @@ -18,3 +18,7 @@ processors: ignore_missing: true fail_on_error: false + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/connection/config/connection.yml b/x-pack/filebeat/module/zeek/connection/config/connection.yml index f91d24f8020..2fd07156cd8 100644 --- a/x-pack/filebeat/module/zeek/connection/config/connection.yml +++ b/x-pack/filebeat/module/zeek/connection/config/connection.yml @@ -99,3 +99,7 @@ processors: else: community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml index 0ba1b0fc673..4ee5d46f72a 100644 --- a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml +++ b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml @@ -56,3 +56,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml index 97c45a17920..cba0c8ccf17 100644 --- a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml 
+++ b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml @@ -118,3 +118,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml index d059b4c79f9..6bed5fbef2d 100644 --- a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml +++ b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml @@ -66,3 +66,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/dns/config/dns.yml b/x-pack/filebeat/module/zeek/dns/config/dns.yml index 7b4c332f5df..9a137ca2d9f 100644 --- a/x-pack/filebeat/module/zeek/dns/config/dns.yml +++ b/x-pack/filebeat/module/zeek/dns/config/dns.yml @@ -208,3 +208,7 @@ processors: - zeek.dns.auth - zeek.dns.addl - zeek.dns.ts + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml index 0a31b70f6bd..d4b8abc101a 100644 --- a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml +++ b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml @@ -55,3 +55,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/files/config/files.yml b/x-pack/filebeat/module/zeek/files/config/files.yml index 74259307f41..413ccb7959b 100644 --- a/x-pack/filebeat/module/zeek/files/config/files.yml +++ b/x-pack/filebeat/module/zeek/files/config/files.yml @@ -37,3 +37,7 @@ processors: - file type: - info + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml index 3e91ace4831..cd380c29057 100644 --- a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml 
+++ b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml @@ -84,3 +84,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/http/config/http.yml b/x-pack/filebeat/module/zeek/http/config/http.yml index 584160639cb..38f7241b314 100644 --- a/x-pack/filebeat/module/zeek/http/config/http.yml +++ b/x-pack/filebeat/module/zeek/http/config/http.yml @@ -91,3 +91,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/intel/config/intel.yml b/x-pack/filebeat/module/zeek/intel/config/intel.yml index 2896ed72db9..cb52e756362 100644 --- a/x-pack/filebeat/module/zeek/intel/config/intel.yml +++ b/x-pack/filebeat/module/zeek/intel/config/intel.yml @@ -70,3 +70,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/irc/config/irc.yml b/x-pack/filebeat/module/zeek/irc/config/irc.yml index 4d5783b8087..0b6991603a9 100644 --- a/x-pack/filebeat/module/zeek/irc/config/irc.yml +++ b/x-pack/filebeat/module/zeek/irc/config/irc.yml @@ -70,3 +70,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml index 28c49507406..5a03d269d8e 100644 --- a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml +++ b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml @@ -102,3 +102,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml index 6dc8c3004d4..923177268c6 100644 
--- a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml +++ b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml @@ -71,3 +71,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml index b28262b5bd5..da2b4b02d92 100644 --- a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml +++ b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml @@ -70,3 +70,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/notice/config/notice.yml b/x-pack/filebeat/module/zeek/notice/config/notice.yml index 32ab849b6b5..3bf628c0029 100644 --- a/x-pack/filebeat/module/zeek/notice/config/notice.yml +++ b/x-pack/filebeat/module/zeek/notice/config/notice.yml @@ -100,3 +100,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml index 55a6795b6fa..07b4960364a 100644 --- a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml +++ b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml @@ -84,3 +84,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml index f6298a36d1e..f2355d34ad8 100644 --- a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml +++ b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml @@ -60,3 +60,7 @@ processors: target: event fields: kind: event + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/x-pack/filebeat/module/zeek/pe/config/pe.yml b/x-pack/filebeat/module/zeek/pe/config/pe.yml index cf5f54396ad..e6464ba8601 100644 --- a/x-pack/filebeat/module/zeek/pe/config/pe.yml +++ b/x-pack/filebeat/module/zeek/pe/config/pe.yml @@ -29,3 +29,7 @@ processors: - file type: - info + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/radius/config/radius.yml b/x-pack/filebeat/module/zeek/radius/config/radius.yml index 38338b1c84f..b80a2177a04 100644 --- a/x-pack/filebeat/module/zeek/radius/config/radius.yml +++ b/x-pack/filebeat/module/zeek/radius/config/radius.yml @@ -56,3 +56,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml index b9b19e79dd7..fad5d1f4234 100644 --- a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml +++ b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml @@ -86,3 +86,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml index f9a2618b02b..aa0f303e28e 100644 --- a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml +++ b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml @@ -71,3 +71,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/sip/config/sip.yml b/x-pack/filebeat/module/zeek/sip/config/sip.yml index c94dbe5e40e..c289ff7103b 100644 --- a/x-pack/filebeat/module/zeek/sip/config/sip.yml +++ b/x-pack/filebeat/module/zeek/sip/config/sip.yml @@ -93,3 +93,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 
diff --git a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml index ada63493d6f..b613880302f 100644 --- a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml +++ b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml @@ -99,3 +99,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml index 8ab5ee36395..7c188a39f4d 100644 --- a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml +++ b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml @@ -59,3 +59,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml index 0d0934c62c8..ca6ffa00ada 100644 --- a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml +++ b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml @@ -55,3 +55,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml index fc8c3b0074f..6ec75151295 100644 --- a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml +++ b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml @@ -65,3 +65,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml index 3431a990e0f..f3a670a9d2d 100644 --- a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml +++ b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml 
@@ -67,3 +67,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/socks/config/socks.yml b/x-pack/filebeat/module/zeek/socks/config/socks.yml index ddbcd51d0b0..4d3060ae657 100644 --- a/x-pack/filebeat/module/zeek/socks/config/socks.yml +++ b/x-pack/filebeat/module/zeek/socks/config/socks.yml @@ -65,3 +65,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml index e33f4e0e29e..5657816c73a 100644 --- a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml +++ b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml @@ -74,3 +74,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml index 88bfcc4b53e..74336b8428c 100644 --- a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml +++ b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml @@ -77,3 +77,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/stats/config/stats.yml b/x-pack/filebeat/module/zeek/stats/config/stats.yml index c77c9c1f750..ff8ca3cf95e 100644 --- a/x-pack/filebeat/module/zeek/stats/config/stats.yml +++ b/x-pack/filebeat/module/zeek/stats/config/stats.yml @@ -93,3 +93,7 @@ processors: ignore_missing: true fail_on_error: false + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml index a8420237af0..662968b502e 100644 --- a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml 
+++ b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml @@ -55,3 +55,7 @@ processors: {{ if .community_id }} - community_id: {{ end }} + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml index 8b4b40e0234..fc1c4b7230f 100644 --- a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml +++ b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml @@ -41,3 +41,7 @@ processors: - network type: - info + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml index ed9af2117ad..8781fa6dcd6 100644 --- a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml +++ b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml @@ -52,3 +52,7 @@ processors: - network type: - connection + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/weird/config/weird.yml b/x-pack/filebeat/module/zeek/weird/config/weird.yml index 1256f96902b..9631d283de4 100644 --- a/x-pack/filebeat/module/zeek/weird/config/weird.yml +++ b/x-pack/filebeat/module/zeek/weird/config/weird.yml @@ -52,3 +52,7 @@ processors: - network type: - info + - add_fields: + target: '' + fields: + ecs.version: 1.5.0 diff --git a/x-pack/filebeat/module/zeek/x509/config/x509.yml b/x-pack/filebeat/module/zeek/x509/config/x509.yml index 49a670e46e5..cb70bd594e7 100644 --- a/x-pack/filebeat/module/zeek/x509/config/x509.yml +++ b/x-pack/filebeat/module/zeek/x509/config/x509.yml @@ -63,3 +63,7 @@ processors: kind: event type: - info + - add_fields: + target: '' + fields: + ecs.version: 1.5.0