Explicitly set ECS version (#18209) (#18244)

Explicitly set the ecs version field in filesets that have been upgraded to ECS 1.5. Specifically: - activemq - apache - auditd - aws - cef - elasticsearch - googlecloud - haproxy - ibmmq - icinga - iis - iptables - kafka - kibana - logstash - misp - mongodb - mssql - mysql - nats - netflow - nginx - panw - postgresql - rabbitmq - redis - santa - suricata - system - zeek (cherry picked from commit 3df5db4)
elastic · May 5, 2020 · f1e596b · f1e596b
1 parent 6524eaa
commit f1e596b
Show file tree

Hide file tree

Showing 95 changed files with 428 additions and 12 deletions.
diff --git a/filebeat/module/apache/access/config/access.yml b/filebeat/module/apache/access/config/access.yml
@@ -4,3 +4,8 @@ paths:
  - {{$path}}
 {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/apache/error/config/error.yml b/filebeat/module/apache/error/config/error.yml
@@ -6,4 +6,8 @@ paths:
 exclude_files: [".gz$"]
 
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/auditd/log/config/log.yml b/filebeat/module/auditd/log/config/log.yml
@@ -4,3 +4,8 @@ paths:
  - {{$path}}
 {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/elasticsearch/audit/config/audit.yml b/filebeat/module/elasticsearch/audit/config/audit.yml
@@ -6,4 +6,8 @@ paths:
 exclude_files: [".gz$"]
 
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/elasticsearch/deprecation/config/log.yml b/filebeat/module/elasticsearch/deprecation/config/log.yml
@@ -12,3 +12,7 @@ multiline:
 processors:
 # Locale for time zone is only needed in non-json logs
 - add_locale.when.not.regexp.message: "^{"
+- add_fields:
+    target: ''
+    fields:
+      ecs.version: 1.5.0
diff --git a/filebeat/module/elasticsearch/gc/config/gc.yml b/filebeat/module/elasticsearch/gc/config/gc.yml
@@ -9,3 +9,8 @@ multiline:
   pattern: '^(\[?[0-9]{4}-[0-9]{2}-[0-9]{2}|{)'
   negate: true
   match: after
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/elasticsearch/server/config/log.yml b/filebeat/module/elasticsearch/server/config/log.yml
@@ -12,3 +12,7 @@ multiline:
 processors:
 # Locale for time zone is only needed in non-json logs
 - add_locale.when.not.regexp.message: "^{"
+- add_fields:
+    target: ''
+    fields:
+      ecs.version: 1.5.0
diff --git a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml
@@ -13,3 +13,7 @@ multiline:
 processors:
 # Locale for time zone is only needed in non-json logs
 - add_locale.when.not.regexp.message: "^{"
+- add_fields:
+    target: ''
+    fields:
+      ecs.version: 1.5.0
diff --git a/filebeat/module/haproxy/log/config/file.yml b/filebeat/module/haproxy/log/config/file.yml
@@ -5,4 +5,8 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/haproxy/log/config/syslog.yml b/filebeat/module/haproxy/log/config/syslog.yml
@@ -2,4 +2,8 @@ type: syslog
 protocol.udp:
   host: "{{.syslog_host}}:{{.syslog_port}}"
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/icinga/debug/config/debug.yml b/filebeat/module/icinga/debug/config/debug.yml
@@ -8,3 +8,8 @@ multiline:
   pattern: '^\['
   negate: true
   match: after
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/icinga/main/config/main.yml b/filebeat/module/icinga/main/config/main.yml
@@ -8,3 +8,8 @@ multiline:
   pattern: '^\['
   negate: true
   match: after
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/icinga/startup/config/startup.yml b/filebeat/module/icinga/startup/config/startup.yml
@@ -8,3 +8,8 @@ multiline:
   pattern: '^[a-z]*\/[a-zA-Z]*:'
   negate: true
   match: after
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/iis/access/config/iis-access.yml b/filebeat/module/iis/access/config/iis-access.yml
@@ -5,3 +5,8 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 exclude_lines: ["^#"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/iis/error/config/iis-error.yml b/filebeat/module/iis/error/config/iis-error.yml
@@ -5,3 +5,8 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 exclude_lines: ["^#"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/kafka/log/config/log.yml b/filebeat/module/kafka/log/config/log.yml
@@ -9,4 +9,8 @@ multiline:
   negate: true
   match: after
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/kibana/log/config/log.yml b/filebeat/module/kibana/log/config/log.yml
@@ -7,3 +7,8 @@ exclude_files: [".gz$"]
 
 json.keys_under_root: false
 json.add_error_key: true
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/logstash/log/config/log.yml b/filebeat/module/logstash/log/config/log.yml
@@ -15,3 +15,7 @@ multiline:
 processors:
 # Locale for time zone is only needed in non-json logs
 - add_locale.when.not.regexp.message: "^{"
+- add_fields:
+    target: ''
+    fields:
+      ecs.version: 1.5.0
diff --git a/filebeat/module/logstash/slowlog/config/slowlog.yml b/filebeat/module/logstash/slowlog/config/slowlog.yml
@@ -8,3 +8,7 @@ exclude_files: [".gz$"]
 processors:
 # Locale for time zone is only needed in non-json logs
 - add_locale.when.not.regexp.message: "^{"
+- add_fields:
+    target: ''
+    fields:
+      ecs.version: 1.5.0
diff --git a/filebeat/module/mongodb/log/config/log.yml b/filebeat/module/mongodb/log/config/log.yml
@@ -4,3 +4,8 @@ paths:
  - {{$path}}
 {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/mysql/error/config/error.yml b/filebeat/module/mysql/error/config/error.yml
@@ -12,4 +12,8 @@ multiline:
   match: after
 
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/mysql/slowlog/config/slowlog.yml b/filebeat/module/mysql/slowlog/config/slowlog.yml
@@ -9,3 +9,8 @@ multiline:
   negate: true
   match: after
 exclude_lines: ['^[\/\w\.]+, Version: .* started with:.*', '^# Time:.*']   # Exclude the header and time
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/nats/log/config/log.yml b/filebeat/module/nats/log/config/log.yml
@@ -4,3 +4,8 @@ paths:
  - {{$path}}
 {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/nginx/access/config/nginx-access.yml b/filebeat/module/nginx/access/config/nginx-access.yml
@@ -6,4 +6,8 @@ paths:
 exclude_files: [".gz$"]
 
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/nginx/error/config/nginx-error.yml b/filebeat/module/nginx/error/config/nginx-error.yml
@@ -10,4 +10,8 @@ multiline:
   match: after
 
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml
@@ -7,3 +7,7 @@ exclude_files: [".gz$"]
 
 processors:
   - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/postgresql/log/config/log.yml b/filebeat/module/postgresql/log/config/log.yml
@@ -8,3 +8,8 @@ multiline:
   pattern: '^\d{4}-\d{2}-\d{2} '
   negate: true
   match: after
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/redis/log/config/log.yml b/filebeat/module/redis/log/config/log.yml
@@ -5,3 +5,8 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 exclude_lines: ["^\\s+[\\-`('.|_]"]  # drop asciiart lines\n
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/santa/log/config/file.yml b/filebeat/module/santa/log/config/file.yml
@@ -4,3 +4,8 @@ paths:
  - {{$path}}
 {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml
@@ -8,4 +8,8 @@ multiline:
   pattern: "^\\s"
   match: after
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml
@@ -8,4 +8,8 @@ multiline:
   pattern: "^\\s"
   match: after
 processors:
-- add_locale: ~
+  - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/activemq/audit/config/audit.yml b/x-pack/filebeat/module/activemq/audit/config/audit.yml
@@ -4,3 +4,9 @@ paths:
  - {{$path}}
 {{ end }}
 exclude_files: [".gz$"]
+
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/activemq/log/config/log.yml b/x-pack/filebeat/module/activemq/log/config/log.yml
@@ -10,3 +10,7 @@ multiline:
   match: after
 processors:
   - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml
@@ -4,3 +4,8 @@ paths:
   - {{$path}}
     {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/s3.yml b/x-pack/filebeat/module/aws/cloudtrail/config/s3.yml
@@ -37,3 +37,9 @@ session_token: {{ .session_token }}
 {{ if .role_arn }}
 role_arn: {{ .role_arn }}
 {{ end }}
+
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml
@@ -4,3 +4,8 @@ paths:
   - {{$path}}
     {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/s3.yml b/x-pack/filebeat/module/aws/cloudwatch/config/s3.yml
@@ -36,3 +36,9 @@ session_token: {{ .session_token }}
 {{ if .role_arn }}
 role_arn: {{ .role_arn }}
 {{ end }}
+
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/ec2/config/file.yml b/x-pack/filebeat/module/aws/ec2/config/file.yml
@@ -4,3 +4,8 @@ paths:
   - {{$path}}
     {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/ec2/config/s3.yml b/x-pack/filebeat/module/aws/ec2/config/s3.yml
@@ -36,3 +36,9 @@ session_token: {{ .session_token }}
 {{ if .role_arn }}
 role_arn: {{ .role_arn }}
 {{ end }}
+
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/elb/config/file.yml b/x-pack/filebeat/module/aws/elb/config/file.yml
@@ -4,3 +4,8 @@ paths:
 - {{$path}}
   {{ end }}
 exclude_files: [".gz$"]
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/elb/config/s3.yml b/x-pack/filebeat/module/aws/elb/config/s3.yml
@@ -36,3 +36,9 @@ session_token: {{ .session_token }}
 {{ if .role_arn }}
 role_arn: {{ .role_arn }}
 {{ end }}
+
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/s3access/config/file.yml b/x-pack/filebeat/module/aws/s3access/config/file.yml
@@ -4,3 +4,9 @@ paths:
 - {{$path}}
   {{ end }}
 exclude_files: [".gz$"]
+
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/aws/s3access/config/s3.yml b/x-pack/filebeat/module/aws/s3access/config/s3.yml
@@ -36,3 +36,9 @@ session_token: {{ .session_token }}
 {{ if .role_arn }}
 role_arn: {{ .role_arn }}
 {{ end }}
+
+processors:
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0