diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5ee56534c73..aa575b9cdfd 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -392,6 +392,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix S3 input validation for non amazonaws.com domains. {issue}24420[24420] {pull}24861[24861] - Fix google_workspace and okta modules pagination when next page template is empty. {pull}24967[24967] - Fix IPtables Pipeline and Ubiquiti dashboard. {issue}24878[24878] {pull}24928[24928] +- Fix gcp module field names to use gcp instead of googlecloud. {pull}25038[25038] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index e59ddb41c00..8de05cb166f 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -64951,7 +64951,7 @@ Module for handling logs from Google Cloud. [float] -=== googlecloud +=== gcp Fields from Google Cloud logs. @@ -64964,7 +64964,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`googlecloud.destination.instance.project_id`*:: +*`gcp.destination.instance.project_id`*:: + -- ID of the project containing the VM. @@ -64974,7 +64974,7 @@ type: keyword -- -*`googlecloud.destination.instance.region`*:: +*`gcp.destination.instance.region`*:: + -- Region of the VM. @@ -64984,7 +64984,7 @@ type: keyword -- -*`googlecloud.destination.instance.zone`*:: +*`gcp.destination.instance.zone`*:: + -- Zone of the VM. @@ -65001,7 +65001,7 @@ If the destination of the connection was a VM located on the same VPC, this fiel -*`googlecloud.destination.vpc.project_id`*:: +*`gcp.destination.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -65011,7 +65011,7 @@ type: keyword -- -*`googlecloud.destination.vpc.vpc_name`*:: +*`gcp.destination.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -65021,7 +65021,7 @@ type: keyword -- -*`googlecloud.destination.vpc.subnetwork_name`*:: +*`gcp.destination.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -65038,7 +65038,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`googlecloud.source.instance.project_id`*:: +*`gcp.source.instance.project_id`*:: + -- ID of the project containing the VM. @@ -65048,7 +65048,7 @@ type: keyword -- -*`googlecloud.source.instance.region`*:: +*`gcp.source.instance.region`*:: + -- Region of the VM. @@ -65058,7 +65058,7 @@ type: keyword -- -*`googlecloud.source.instance.zone`*:: +*`gcp.source.instance.zone`*:: + -- Zone of the VM. @@ -65075,7 +65075,7 @@ If the source of the connection was a VM located on the same VPC, this field is -*`googlecloud.source.vpc.project_id`*:: +*`gcp.source.vpc.project_id`*:: + -- ID of the project containing the VM. @@ -65085,7 +65085,7 @@ type: keyword -- -*`googlecloud.source.vpc.vpc_name`*:: +*`gcp.source.vpc.vpc_name`*:: + -- VPC on which the VM is operating. @@ -65095,7 +65095,7 @@ type: keyword -- -*`googlecloud.source.vpc.subnetwork_name`*:: +*`gcp.source.vpc.subnetwork_name`*:: + -- Subnetwork on which the VM is operating. @@ -65112,7 +65112,7 @@ Fields for Google Cloud audit logs. -*`googlecloud.audit.type`*:: +*`gcp.audit.type`*:: + -- Type property. @@ -65129,7 +65129,7 @@ Authentication information. -*`googlecloud.audit.authentication_info.principal_email`*:: +*`gcp.audit.authentication_info.principal_email`*:: + -- The email address of the authenticated user making the request. @@ -65139,7 +65139,7 @@ type: keyword -- -*`googlecloud.audit.authentication_info.authority_selector`*:: +*`gcp.audit.authentication_info.authority_selector`*:: + -- The authority selector specified by the requestor, if any. It is not guaranteed that the principal was allowed to use this authority. @@ -65149,7 +65149,7 @@ type: keyword -- -*`googlecloud.audit.authorization_info`*:: +*`gcp.audit.authorization_info`*:: + -- Authorization information for the operation. @@ -65159,7 +65159,7 @@ type: array -- -*`googlecloud.audit.method_name`*:: +*`gcp.audit.method_name`*:: + -- The name of the service method or operation. For API calls, this should be the name of the API method. For example, 'google.datastore.v1.Datastore.RunQuery'. @@ -65169,7 +65169,7 @@ type: keyword -- -*`googlecloud.audit.num_response_items`*:: +*`gcp.audit.num_response_items`*:: + -- The number of items returned from a List or Query API method, if applicable. @@ -65186,7 +65186,7 @@ The operation request. -*`googlecloud.audit.request.proto_name`*:: +*`gcp.audit.request.proto_name`*:: + -- Type property of the request. @@ -65196,7 +65196,7 @@ type: keyword -- -*`googlecloud.audit.request.filter`*:: +*`gcp.audit.request.filter`*:: + -- Filter of the request. @@ -65206,7 +65206,7 @@ type: keyword -- -*`googlecloud.audit.request.name`*:: +*`gcp.audit.request.name`*:: + -- Name of the request. @@ -65216,7 +65216,7 @@ type: keyword -- -*`googlecloud.audit.request.resource_name`*:: +*`gcp.audit.request.resource_name`*:: + -- Name of the request resource. @@ -65233,7 +65233,7 @@ Metadata about the request. -*`googlecloud.audit.request_metadata.caller_ip`*:: +*`gcp.audit.request_metadata.caller_ip`*:: + -- The IP address of the caller. @@ -65243,7 +65243,7 @@ type: ip -- -*`googlecloud.audit.request_metadata.caller_supplied_user_agent`*:: +*`gcp.audit.request_metadata.caller_supplied_user_agent`*:: + -- The user agent of the caller. This information is not authenticated and should be treated accordingly. @@ -65260,7 +65260,7 @@ The operation response. -*`googlecloud.audit.response.proto_name`*:: +*`gcp.audit.response.proto_name`*:: + -- Type property of the response. @@ -65277,7 +65277,7 @@ The details of the response. -*`googlecloud.audit.response.details.group`*:: +*`gcp.audit.response.details.group`*:: + -- The name of the group. @@ -65287,7 +65287,7 @@ type: keyword -- -*`googlecloud.audit.response.details.kind`*:: +*`gcp.audit.response.details.kind`*:: + -- The kind of the response details. @@ -65297,7 +65297,7 @@ type: keyword -- -*`googlecloud.audit.response.details.name`*:: +*`gcp.audit.response.details.name`*:: + -- The name of the response details. @@ -65307,7 +65307,7 @@ type: keyword -- -*`googlecloud.audit.response.details.uid`*:: +*`gcp.audit.response.details.uid`*:: + -- The uid of the response details. @@ -65317,7 +65317,7 @@ type: keyword -- -*`googlecloud.audit.response.status`*:: +*`gcp.audit.response.status`*:: + -- Status of the response. @@ -65327,7 +65327,7 @@ type: keyword -- -*`googlecloud.audit.resource_name`*:: +*`gcp.audit.resource_name`*:: + -- The resource or collection that is the target of the operation. The name is a scheme-less URI, not including the API service name. For example, 'shelves/SHELF_ID/books'. @@ -65344,7 +65344,7 @@ The location of the resource. -*`googlecloud.audit.resource_location.current_locations`*:: +*`gcp.audit.resource_location.current_locations`*:: + -- Current locations of the resource. @@ -65354,7 +65354,7 @@ type: keyword -- -*`googlecloud.audit.service_name`*:: +*`gcp.audit.service_name`*:: + -- The name of the API service performing the operation. For example, datastore.googleapis.com. @@ -65371,7 +65371,7 @@ The status of the overall operation. -*`googlecloud.audit.status.code`*:: +*`gcp.audit.status.code`*:: + -- The status code, which should be an enum value of google.rpc.Code. @@ -65381,7 +65381,7 @@ type: integer -- -*`googlecloud.audit.status.message`*:: +*`gcp.audit.status.message`*:: + -- A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. @@ -65405,7 +65405,7 @@ Description of the firewall rule that matched this connection. -*`googlecloud.firewall.rule_details.priority`*:: +*`gcp.firewall.rule_details.priority`*:: + -- The priority for the firewall rule. @@ -65414,7 +65414,7 @@ type: long -- -*`googlecloud.firewall.rule_details.action`*:: +*`gcp.firewall.rule_details.action`*:: + -- Action that the rule performs on match. @@ -65423,7 +65423,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.direction`*:: +*`gcp.firewall.rule_details.direction`*:: + -- Direction of traffic that matches this rule. @@ -65432,7 +65432,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.reference`*:: +*`gcp.firewall.rule_details.reference`*:: + -- Reference to the firewall rule. @@ -65441,7 +65441,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.source_range`*:: +*`gcp.firewall.rule_details.source_range`*:: + -- List of source ranges that the firewall rule applies to. @@ -65450,7 +65450,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.destination_range`*:: +*`gcp.firewall.rule_details.destination_range`*:: + -- List of destination ranges that the firewall applies to. @@ -65459,7 +65459,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.source_tag`*:: +*`gcp.firewall.rule_details.source_tag`*:: + -- List of all the source tags that the firewall rule applies to. @@ -65469,7 +65469,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.target_tag`*:: +*`gcp.firewall.rule_details.target_tag`*:: + -- List of all the target tags that the firewall rule applies to. @@ -65479,7 +65479,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.ip_port_info`*:: +*`gcp.firewall.rule_details.ip_port_info`*:: + -- List of ip protocols and applicable port ranges for rules. @@ -65489,7 +65489,7 @@ type: array -- -*`googlecloud.firewall.rule_details.source_service_account`*:: +*`gcp.firewall.rule_details.source_service_account`*:: + -- List of all the source service accounts that the firewall rule applies to. @@ -65499,7 +65499,7 @@ type: keyword -- -*`googlecloud.firewall.rule_details.target_service_account`*:: +*`gcp.firewall.rule_details.target_service_account`*:: + -- List of all the target service accounts that the firewall rule applies to. @@ -65516,7 +65516,7 @@ Fields for Google Cloud VPC flow logs. -*`googlecloud.vpcflow.reporter`*:: +*`gcp.vpcflow.reporter`*:: + -- The side which reported the flow. Can be either 'SRC' or 'DEST'. @@ -65526,7 +65526,7 @@ type: keyword -- -*`googlecloud.vpcflow.rtt.ms`*:: +*`gcp.vpcflow.rtt.ms`*:: + -- Latency as measured (for TCP flows only) during the time interval. This is the time elapsed between sending a SEQ and receiving a corresponding ACK and it contains the network RTT as well as the application related delay. diff --git a/x-pack/filebeat/module/gcp/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml index f574d666eb7..8b07d07e4e0 100644 --- a/x-pack/filebeat/module/gcp/_meta/fields.yml +++ b/x-pack/filebeat/module/gcp/_meta/fields.yml @@ -3,7 +3,7 @@ description: > Module for handling logs from Google Cloud. fields: - - name: googlecloud + - name: gcp type: group description: > Fields from Google Cloud logs. diff --git a/x-pack/filebeat/module/gcp/audit/config/pipeline.js b/x-pack/filebeat/module/gcp/audit/config/pipeline.js index a24bd621934..878f2b19b8d 100644 --- a/x-pack/filebeat/module/gcp/audit/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/audit/config/pipeline.js @@ -79,121 +79,121 @@ function Audit(keep_original_message) { fields: [ { from: "json.@type", - to: "googlecloud.audit.type", + to: "gcp.audit.type", type: "string" }, { from: "json.authenticationInfo.principalEmail", - to: "googlecloud.audit.authentication_info.principal_email", + to: "gcp.audit.authentication_info.principal_email", type: "string" }, { from: "json.authenticationInfo.authoritySelector", - to: "googlecloud.audit.authentication_info.authority_selector", + to: "gcp.audit.authentication_info.authority_selector", type: "string" }, { from: "json.authorizationInfo", - to: "googlecloud.audit.authorization_info" + to: "gcp.audit.authorization_info" // Type is an array of objects. }, { from: "json.methodName", - to: "googlecloud.audit.method_name", + to: "gcp.audit.method_name", type: "string", }, { from: "json.numResponseItems", - to: "googlecloud.audit.num_response_items", + to: "gcp.audit.num_response_items", type: "long" }, { from: "json.request.@type", - to: "googlecloud.audit.request.proto_name", + to: "gcp.audit.request.proto_name", type: "string" }, // The values in the request object will depend on the proto type. // So be very careful about making any assumptions about data shape. { from: "json.request.filter", - to: "googlecloud.audit.request.filter", + to: "gcp.audit.request.filter", type: "string" }, { from: "json.request.name", - to: "googlecloud.audit.request.name", + to: "gcp.audit.request.name", type: "string" }, { from: "json.request.resourceName", - to: "googlecloud.audit.request.resource_name", + to: "gcp.audit.request.resource_name", type: "string" }, { from: "json.requestMetadata.callerIp", - to: "googlecloud.audit.request_metadata.caller_ip", + to: "gcp.audit.request_metadata.caller_ip", type: "ip" }, { from: "json.requestMetadata.callerSuppliedUserAgent", - to: "googlecloud.audit.request_metadata.caller_supplied_user_agent", + to: "gcp.audit.request_metadata.caller_supplied_user_agent", type: "string", }, { from: "json.response.@type", - to: "googlecloud.audit.response.proto_name", + to: "gcp.audit.response.proto_name", type: "string" }, // The values in the response object will depend on the proto type. // So be very careful about making any assumptions about data shape. { from: "json.response.status", - to: "googlecloud.audit.response.status", + to: "gcp.audit.response.status", type: "string" }, { from: "json.response.details.group", - to: "googlecloud.audit.response.details.group", + to: "gcp.audit.response.details.group", type: "string" }, { from: "json.response.details.kind", - to: "googlecloud.audit.response.details.kind", + to: "gcp.audit.response.details.kind", type: "string" }, { from: "json.response.details.name", - to: "googlecloud.audit.response.details.name", + to: "gcp.audit.response.details.name", type: "string" }, { from: "json.response.details.uid", - to: "googlecloud.audit.response.details.uid", + to: "gcp.audit.response.details.uid", type: "string", }, { from: "json.resourceName", - to: "googlecloud.audit.resource_name", + to: "gcp.audit.resource_name", type: "string", }, { from: "json.resourceLocation.currentLocations", - to: "googlecloud.audit.resource_location.current_locations" + to: "gcp.audit.resource_location.current_locations" // Type is a string array. }, { from: "json.serviceName", - to: "googlecloud.audit.service_name", + to: "gcp.audit.service_name", type: "string", }, { from: "json.status.code", - to: "googlecloud.audit.status.code", + to: "gcp.audit.status.code", type: "integer", }, { from: "json.status.message", - to: "googlecloud.audit.status.message", + to: "gcp.audit.status.message", type: "string" }, ], @@ -206,27 +206,27 @@ function Audit(keep_original_message) { var copyFields = new processor.Convert({ fields: [ { - from: "googlecloud.audit.request_metadata.caller_ip", + from: "gcp.audit.request_metadata.caller_ip", to: "source.ip", type: "ip" }, { - from: "googlecloud.audit.authentication_info.principal_email", + from: "gcp.audit.authentication_info.principal_email", to: "user.email", type: "string" }, { - from: "googlecloud.audit.service_name", + from: "gcp.audit.service_name", to: "service.name", type: "string" }, { - from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", + from: "gcp.audit.request_metadata.caller_supplied_user_agent", to: "user_agent.original", type: "string" }, { - from: "googlecloud.audit.method_name", + from: "gcp.audit.method_name", to: "event.action", type: "string" }, @@ -242,7 +242,7 @@ function Audit(keep_original_message) { // Rename nested fields. var renameNestedFields = function(evt) { - var arr = evt.Get("googlecloud.audit.authorization_info"); + var arr = evt.Get("gcp.audit.authorization_info"); if (Array.isArray(arr)) { for (var i = 0; i < arr.length; i++) { if (arr[i].resourceAttributes) { @@ -259,14 +259,14 @@ function Audit(keep_original_message) { evt.Put("event.kind", "event"); // google.rpc.Code value for OK is 0. - if (evt.Get("googlecloud.audit.status.code") === 0) { + if (evt.Get("gcp.audit.status.code") === 0) { evt.Put("event.outcome", "success"); return; } // Try to use authorization_info.granted when there was no status code. - if (evt.Get("googlecloud.audit.status.code") == null) { - var authorization_info = evt.Get("googlecloud.audit.authorization_info"); + if (evt.Get("gcp.audit.status.code") == null) { + var authorization_info = evt.Get("gcp.audit.authorization_info"); if (Array.isArray(authorization_info) && authorization_info.length === 1) { if (authorization_info[0].granted === true) { evt.Put("event.outcome", "success"); diff --git a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json index d7e057c466a..4f3a0264141 100644 --- a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json @@ -9,8 +9,8 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "resourcemanager.projects.get", @@ -18,13 +18,13 @@ "resource_attributes": {} } ], - "googlecloud.audit.method_name": "GetResourceBillingInfo", - "googlecloud.audit.request.proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest", - "googlecloud.audit.request.resource_name": "projects/189716325846", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.resource_name": "projects/elastic-beats", - "googlecloud.audit.service_name": "cloudbilling.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.method_name": "GetResourceBillingInfo", + "gcp.audit.request.proto_name": "type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest", + "gcp.audit.request.resource_name": "projects/189716325846", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.resource_name": "projects/elastic-beats", + "gcp.audit.service_name": "cloudbilling.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 0, @@ -46,8 +46,8 @@ "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "granted": false, "permission": "compute.machineTypes.list", @@ -58,17 +58,17 @@ } } ], - "googlecloud.audit.method_name": "beta.compute.machineTypes.aggregatedList", - "googlecloud.audit.num_response_items": 71, - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "beta.compute.machineTypes.aggregatedList", + "gcp.audit.num_response_items": 71, + "gcp.audit.request.proto_name": "type.googleapis.com/compute.machineTypes.aggregatedList", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "global" ], - "googlecloud.audit.resource_name": "projects/elastic-beats/global/machineTypes", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/elastic-beats/global/machineTypes", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 945, @@ -98,8 +98,8 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "compute.instances.list", @@ -110,23 +110,23 @@ } } ], - "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", - "googlecloud.audit.num_response_items": 61, - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "beta.compute.instances.aggregatedList", + "gcp.audit.num_response_items": 61, + "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "global" ], - "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", - "googlecloud.audit.response.details.group": "batch", - "googlecloud.audit.response.details.kind": "jobs", - "googlecloud.audit.response.details.name": "gsuite-exporter-1589294700", - "googlecloud.audit.response.details.uid": "2beff34a-945f-11ea-bacf-42010a80007f", - "googlecloud.audit.response.proto_name": "core.k8s.io/v1.Status", - "googlecloud.audit.response.status": "Success", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/elastic-beats/global/instances", + "gcp.audit.response.details.group": "batch", + "gcp.audit.response.details.kind": "jobs", + "gcp.audit.response.details.name": "gsuite-exporter-1589294700", + "gcp.audit.response.details.uid": "2beff34a-945f-11ea-bacf-42010a80007f", + "gcp.audit.response.proto_name": "core.k8s.io/v1.Status", + "gcp.audit.response.status": "Success", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 2252, @@ -156,8 +156,8 @@ "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "xxx@xxx.xxx", + "gcp.audit.authorization_info": [ { "permission": "compute.instances.list", "resource_attributes": { @@ -167,19 +167,19 @@ } } ], - "googlecloud.audit.method_name": "beta.compute.instances.aggregatedList", - "googlecloud.audit.num_response_items": 61, - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", - "googlecloud.audit.request_metadata.caller_ip": "192.168.1.1", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "beta.compute.instances.aggregatedList", + "gcp.audit.num_response_items": 61, + "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.aggregatedList", + "gcp.audit.request_metadata.caller_ip": "192.168.1.1", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "global" ], - "googlecloud.audit.resource_name": "projects/elastic-beats/global/instances", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.status.code": 7, - "googlecloud.audit.status.message": "PERMISSION_DENIED", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/elastic-beats/global/instances", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.status.code": 7, + "gcp.audit.status.message": "PERMISSION_DENIED", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 3776, @@ -209,24 +209,24 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", "resource": "authorization.k8s.io/v1beta1/subjectaccessreviews" } ], - "googlecloud.audit.method_name": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", - "googlecloud.audit.request.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", - "googlecloud.audit.request_metadata.caller_ip": "10.11.12.13", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", - "googlecloud.audit.resource_name": "authorization.k8s.io/v1beta1/subjectaccessreviews", - "googlecloud.audit.response.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", - "googlecloud.audit.response.status": "map[allowed:true reason:RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\"]", - "googlecloud.audit.service_name": "k8s.io", - "googlecloud.audit.status.code": 0, - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.method_name": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", + "gcp.audit.request.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", + "gcp.audit.request_metadata.caller_ip": "10.11.12.13", + "gcp.audit.request_metadata.caller_supplied_user_agent": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", + "gcp.audit.resource_name": "authorization.k8s.io/v1beta1/subjectaccessreviews", + "gcp.audit.response.proto_name": "authorization.k8s.io/v1beta1.SubjectAccessReview", + "gcp.audit.response.status": "map[allowed:true reason:RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\"]", + "gcp.audit.service_name": "k8s.io", + "gcp.audit.status.code": 0, + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 5100, @@ -253,8 +253,8 @@ "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", - "googlecloud.audit.authorization_info": [ + "gcp.audit.authentication_info.principal_email": "user@mycompany.com", + "gcp.audit.authorization_info": [ { "granted": true, "permission": "compute.images.create", @@ -265,19 +265,19 @@ } } ], - "googlecloud.audit.method_name": "v1.compute.images.insert", - "googlecloud.audit.request.name": "windows-server-2016-v20200805", - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.images.insert", - "googlecloud.audit.request_metadata.caller_ip": "1.2.3.4", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", - "googlecloud.audit.resource_location.current_locations": [ + "gcp.audit.method_name": "v1.compute.images.insert", + "gcp.audit.request.name": "windows-server-2016-v20200805", + "gcp.audit.request.proto_name": "type.googleapis.com/compute.images.insert", + "gcp.audit.request_metadata.caller_ip": "1.2.3.4", + "gcp.audit.request_metadata.caller_supplied_user_agent": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", + "gcp.audit.resource_location.current_locations": [ "eu" ], - "googlecloud.audit.resource_name": "projects/foo/global/images/windows-server-2016-v20200805", - "googlecloud.audit.response.proto_name": "type.googleapis.com/operation", - "googlecloud.audit.response.status": "RUNNING", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.resource_name": "projects/foo/global/images/windows-server-2016-v20200805", + "gcp.audit.response.proto_name": "type.googleapis.com/operation", + "gcp.audit.response.status": "RUNNING", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 7530, @@ -315,14 +315,14 @@ "event.module": "gcp", "event.outcome": "unknown", "fileset.name": "audit", - "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", - "googlecloud.audit.method_name": "beta.compute.instances.stop", - "googlecloud.audit.request.proto_name": "type.googleapis.com/compute.instances.stop", - "googlecloud.audit.request_metadata.caller_ip": "2.3.4.5", - "googlecloud.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", - "googlecloud.audit.resource_name": "projects/foo/zones/us-central1-a/instances/win10-test", - "googlecloud.audit.service_name": "compute.googleapis.com", - "googlecloud.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", + "gcp.audit.authentication_info.principal_email": "user@mycompany.com", + "gcp.audit.method_name": "beta.compute.instances.stop", + "gcp.audit.request.proto_name": "type.googleapis.com/compute.instances.stop", + "gcp.audit.request_metadata.caller_ip": "2.3.4.5", + "gcp.audit.request_metadata.caller_supplied_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", + "gcp.audit.resource_name": "projects/foo/zones/us-central1-a/instances/win10-test", + "gcp.audit.service_name": "compute.googleapis.com", + "gcp.audit.type": "type.googleapis.com/google.cloud.audit.AuditLog", "input.type": "log", "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 9946, diff --git a/x-pack/filebeat/module/gcp/fields.go b/x-pack/filebeat/module/gcp/fields.go index 0e5675483bb..ca7a5e13091 100644 --- a/x-pack/filebeat/module/gcp/fields.go +++ b/x-pack/filebeat/module/gcp/fields.go @@ -19,5 +19,5 @@ func init() { // AssetGcp returns asset data. // This is the base64 encoded gzipped contents of module/gcp. func AssetGcp() string { - return "eJzsWktv48gRvvtX1M27gIeLXH0IYMjjjZFx4LWVCZCL0GqWyI6b3Uw/pGh+fdAvik9ZtuhJBhidbD6++lhVXfV1kZ/gBffXUND6AsAww/Eafpey4AgLLm0Oj5yYjVQV/PL74vHXC4AcNVWsNkyKa/jzBQDAg8wtR9hIBSUROWeiAC4LDRslqw5cdgGwYchzfe3v/ASCVHgNhb+Gukv8cQCzr91xJW0dj4wYdr87Dzc05Rlk8bK2zbbdHLVhgjjMjAltiKDYXDRG4ggR97vfgCmxDQsyHKJSCKT+yI5oIPD1AbikxGAOUvhLNKkQvj4urjqQpmQ68AemoZa15f6mHTOlA0m0IUdDGNcZ3Asg8FwShbmD66BRKTassMpzu4JayX8hNSuWA5VKoa6lyDUY6QnFs2BKYkDuhHZHO3DJ+BVYbQnn+/AgqLaMNvdnrVv6gWgH40CmczqF4QX3O6n6544EwwfkNgUgPQyVwhAmXI66w18fsotRNgoLJsV8TJ48XmIzafabFDif0X9KgaMmxxbAtqY/VO4/LkCg2Un1Mnvuu3wP3EupzY+dyNuartxf83FxnnexLBkto20XH1mj860oJohou47xmpnPcwN8Kq2GkrSK4pylPyC+J/N9tncgf1b9n1X/Q6p+TPt5Cv53yfiftf5nrfe/k2t9nxGxOTPnpHvaaEjV3Wd44M5uA0ZzJhFxhi9O88ZRXyz3tU+QGpXZZyOGiDUlCsOoXwQrJjZyxG7fA69YvemAggNVVdCPMFzKk4uGCcpqwldYEcbny45lieAhgeS5Qq3TQmr5AnOwGhVU5CWtJ4X/tqhN7wnafpSKmf1KI0dqpJqXcIMPCR90jZRtGOaw3rcZSnUFbANE7DO4Ny7jhTRQWKKIMIg5DAz4+hZKSfR5qMucyx3mrgJajUFoNzw6fuh54dvRZCJKkf3bkqnBbOeSX2WOdVzQUmSnJxeqimk9axtfxhAw12vubx5aRiaSpvARGW8Kayk5kj69Vyj8o0RTogKpfMw74fDuUhg7MRF5i58Pd2QzwTXduSLGKLa2BvUo72GpOC2/G9S0GpPBrHf9WFhbPSUIzGGKH4nrqwQDRWcgkYtm+twSi5F2NjuFKf9MtpCZODiIYxyS/QpNKfNhZ39vJxuPQDTjMv5QBuBOKrh5vAdKONdBQvarni6l5Tms0aO1kd2NATXr3+Rw8T+kqjlewWUYSGY5McRVXcy2f8pum3+erPjDotpfjjlH2GoVFKbGFTNY6REfcSmKNzrIVmu3/DfgMUGhsUpgHiafBL4wbZyrPLHWg4aGUdecUbLmo+GMzeV8cbBsV+ymq75BFkgjZ9aLHZV0yO0RZonFhnGDM7b4O493kul5H/1vnYpyTOE0DeDDCRzKypjGiBetKjTELb3zM/IhIgFZS2umI3AsLV2lQbVi/dYXCA0On9AR7x/7+jTYmAhPJKCtW8WYr5x8XZEChZlX4XhZ7HH7tJauyrb1WVSeXVnthMcAuFWMFYbLKJUqZ6Lgo9uWVDvnL0cB9/+yHo1RO8zo/cBjTkkWIY/bf02PjdmeXQp5I1M66IWJoYkZCDjcvm+audP/VheexMUOplGzULHsRK80it0QY8cT9z2L59nDDZJ2vJNMdbQzNGqzw5IKqOQ8zjn9Fpv5MTkYogpsymdLtk5JXrfvBk1LrPATdw3h70/3V762MkG5zdOIwgm6pIvdja/oV10i36L+7fkvn7/cre5vf1tL+aJH9WrjKj+m7W+b3114E9rxPc3RvmuVQmEaXvMlEiwCdEPy6M60t//8sG1PO8Q1KtdsU/SnE6kT9sN2JexfSM10RmU1+jTDtfnuWOvOwpRbVITzSdJHYy7z8WbLhMFiIMtPaHWRmwO+ivPigyQhAlDYCraEWx+HuO9TNc0WMu+vssP+V2tSzKgKbiDHLXLnsU8bQl3YUSmpkqUhcybgsyg402UGN2LvtVu6dQDfwWqBuPTn7FuUbtqtCBbe0bT8EKpuliTDANyH88rVxANcnFpSzlC0Nx2HPZbCHeHtye9s8/i7iP2GkbyyHFdjMutdK+L2cDItifS83lJoGBUxtMQ8DDAOb81eL4+dMbqf1070+sGMYcB8GebCYficRq4drlMKg9BBp4C3iYybVvP0ldd5JpY9DVIEB03Zz5nCsyncJhAfJkU2G0bbwdEhOMf8oHCDCsV5U8mnBJJewZ8Ugti1FRGDSvQm62FwtEnvcT2ePsSlm7p+kOROy8nIHL7/mY9b+6OiSYKvc4suM2S4Ls6Ux4mo49F6KW5IcYYrg5j8HnSjbD2PLqtXtVRm+G4IjrwfehNdVoc9OZVc+5Z1mGuCM51yw78OsRwnN0gxEZKiI5RKO5imfFRSJI0XrZ6fIN/5MWKynPMYre8VNlzuPkIGfH1cgMN+iwxAl0Q9kXmGuNcsxyjcInQe/MPlLoMFEU6DIfOv9S6fnxaXTkRd3n5+XrY2amM8jclmeKvwhRgUdA9EQ4VEW4U5/OL8uFw8eo6uDfP9r5BblTYihrk9qzCotoSnueBgY5YuRE5q7eQgmh2icArTb2gJPH/+wy9ghRTZNhw7fJnj/r9Z/LUH665nzbcwYb+dvgV5Wi7dc+zQ9YFwKtaGOPsLHxPlyMk+u/hvAAAA///1JdgD" + return "eJzsWktv48gRvvtX1M27gIeLXOcQwJDHGyPrwGsrEyAXod1dEjtudjP9kKL59UG/KD5l2aInWWB0svn46mNVddXXRX6CF9x/hg2tLwAstwI/w69KbQTCQijH4EEQu1a6gp9+XTz8fAHA0FDNa8uV/Ax/vgAAuFfMCYS10lASyQSXGxBqY2CtVdWBKy4A1hwFM5/DnZ9Akgqzff+z+9r/r5XLR0YM+t9tgBmaCJaLdFnbVtseQ2O5JB6z4NJYIik2F42ROELE/+7WYEtsw4KKh6iSEmk4siMGCHy9B6EoschAyXCJIRXC14fFVQfSltxE/sAN1Kp2Ity047b0IJk2MLSEC1PAnQQCTyXRyDxcB40queYbpwO3K6i1+hdSu+IMqNIaTa0kM2BVIJTOgi2JBbWTxh/twGXjV+CMI0Ls44Og3nLa3F+0bukHoh2MA5nO6RyGF9zvlO6fOxKMEJCbHID8MFRJS7j0uekPf70vLkbZaNxwJedj8hjwMptJs9+UxPmM/lNJHDU5tgC2Nf1D5f7DAiTandIvs+e+z/fIvVTG/rETeVvTlf9rPi7e8z6WJadlsu3jo2r0vpWbCSLGPad4zcznqQE+lVZDSTlNcc7SHxHfk/kh2zuQP6r+j6r/IVU/pf08Bf+7ZPyPWv+j1offybW+z4g4xu056Z43Gkp39xkBuLPbgNGcyUS84YvTvHHUF8t9HRKkRm33xYgh4myJ0nIaFsGKy7Uasdv3wCtWrzug4EF1FfUjDJfy5KLhkvKaiBVWhIv5smNZIgRIIIxpNCYvpJYvkIEzqKEiL3k9afy3Q2N7T9D2o9Lc7lcGBVKr9LyEG3zI+GBqpHzNkcHzvs1Q6SvgayByX8Cd9RkvlYWNI5pIi8hgYCDUt1hKks9jXRZC7ZD5CugMRqHd8Oj4oeeFb0eTiWhN9m9LpgaznUthlXnWaUErWZyeXKgrbsysbXyZQsB9r7m7vm8ZmUiaTYjIeFN4Vkog6dN7hcI/SrQlalA6xLwTjuAujakTE8la/EK4E5sJrvnOFbFW82dn0YzyHpaK0/K7Qc2rMRssetePhbXVU6LAHKb4kbi+SjBS9AYyuWSmzy2zGGlns1OY8s9kC5mJg4c4xiHbr9CWig07+3s72XgEkhmf8YcyALdKw/XDHVAihIkSsl/1TKmcYPCMAa2N7G+MqEX/Jo+L/yFVLfAKLjehwxeMWOKrLhbbPxU3zT+PTv7uUO8vx5wjXbWKCtPgiluszIiPhJKbNzrIVc9++a8hYIJG67REFiefBH7jxnpXBWKtB40No64Fp+RZjIYzNZfzxcGyXbGbrvoGWaCsmlkvdlTSIbdHmGUWay4sztjibwPeSabnffS/dSrKMYXTNIAPJ3AoK2MaI120qtASv/TOz8j7hATkWTk7HYFjaekrDeoV77e+SGhw+ISOePfQ16fRxkR4EgHj/CpGtvLydUU2KO28CifI4oDbp7X0Vbatz5Ly7MpqLzwGwK1irDFeRqnSjMuNGN225No5fzmKuP+X9WiM2mFGHwYec0qyBHnc/mt6bMz27FIoGJnSQS9cDk3MQMDj9n3TzJ3+t7rwJC5uMI2ahYrjJ3qlUeyWWDeeuO9ZPE8BbpC0451kqqOdoVGbHZbSQJUQac4Zttg8jMnBEr3Bpny2ZOuU5PX7bjC0xAo/Cd8Q/v54dxVqK5dUOJZHFF7QZV3sb3xFv5oSxRbNL09/+fLb7eru5pdnpV7MqF5tXBXGtP1t87sLb0Y7vqc52ned1ihtw2u+RIJFhG5IHt2Z9vafH7btaYe4Ru2bbY7+dCJ1wn7YrsT9C6m5KaiqRp9muDbfHWvTWZhqi5oIMUn6aMwVG2+2XFrcDGT5Ca0ucfPAV2lefJAkRAJKV8GWCBfikPZ9uqbFQrH+Kjvsf40hmxlVwTUw3KLwHvu0JtSHHbVWOlsaMucSvsiN4KYs4Frug3bLtw7gO1gtEJ/+gn9L0s34FcHjO5qWH2LVLbJkGICHcF75mniAS1NLKjjK9qbjsMfSuCOiPfmdbR5/m7DfMJLXTuBqTGa9a0XcHE7mJZGfN1iKDaMilpbI4gDj8Nbs9fLYGaOHee1Erx/MGAbMl3EuHIfPeeTa4TqlMAgddAp4m8i4bjXPUHm9Z1LZM6BkdNCUfcY1nk3hJoOEMGmyXnPaDo6JwTnmB41r1CjPm0o+ZpD8Cv6kEKSurYkcVKI3WY+Do3V+jxvwzCEu3dQNgyR/Wk1G5vD9z3zc2h8VTRJ8nVtymSXDdXGmPM5EPY/WS3FLNme4MorJ70E3ydbz6PJ6VStth++G4Mj7oTfR5XXck1MlTGhZh7kmeNM5N8LrECdwcoOUEiErOkKpcoNpykclRdZ4yer5CfKdHyMlyzmP0fpeYS3U7iNkwNeHBXjst8gA9EnUE5lniHvDGSbhlqBZ9I9QuwIWRHoNhjy81rt8elxcehF1efPladnaqI3xtLaY4a3Cb8SipHsgBiokxmlk8JP343LxEDj6Niz2PwNzOm9ELPd7VmlRb4nIc8HBxixfiILUxstBtDtE6RVm2NASePrye1jAGinybTx2+DLH/3+9+GsP1l/Pm29h4n47fwvyuFz659ih7wPxVKoNafYXPyZiKMi+uPhvAAAA//8DXtSp" } diff --git a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js index 5b254cccecc..7bdb322b117 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js @@ -224,12 +224,12 @@ function FirewallProcessor(keep_original_message, debug, internalNetworks) { {from: "json.src_location.region", to: "source.geo.region_name"}, {from: "json.src_location.city", to: "source.geo.city_name"}, - {from: "json.dest_instance", to: "googlecloud.destination.instance"}, - {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, - {from: "json.src_instance", to: "googlecloud.source.instance"}, - {from: "json.src_vpc", to: "googlecloud.source.vpc"}, + {from: "json.dest_instance", to: "gcp.destination.instance"}, + {from: "json.dest_vpc", to: "gcp.destination.vpc"}, + {from: "json.src_instance", to: "gcp.source.instance"}, + {from: "json.src_vpc", to: "gcp.source.vpc"}, {from: "json.rule_details.reference", to: "rule.name"}, - {from: "json", to: "googlecloud.firewall"}, + {from: "json", to: "gcp.firewall"}, ], mode: "rename", ignore_missing: true, @@ -238,10 +238,10 @@ function FirewallProcessor(keep_original_message, debug, internalNetworks) { // Delete emtpy object's whose fields have been renamed leaving them childless. builder.Add("dropEmptyObjects", function (evt) { - evt.Delete("googlecloud.firewall.connection"); - evt.Delete("googlecloud.firewall.dest_location"); - evt.Delete("googlecloud.firewall.disposition"); - evt.Delete("googlecloud.firewall.src_location"); + evt.Delete("gcp.firewall.connection"); + evt.Delete("gcp.firewall.dest_location"); + evt.Delete("gcp.firewall.disposition"); + evt.Delete("gcp.firewall.src_location"); }); // Copy the source/destination.address to source/destination.ip if they are @@ -260,22 +260,22 @@ function FirewallProcessor(keep_original_message, debug, internalNetworks) { }, EGRESS: new processor.Convert({ fields: [ - {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.source.instance.region", to: "cloud.region"}, - {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"} + {from: "gcp.source.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.source.instance.region", to: "cloud.region"}, + {from: "gcp.source.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.source.vpc.subnetwork_name", to: "network.name"} ], ignore_missing: true }), INGRESS: new processor.Convert({ fields: [ - {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.destination.instance.region", to: "cloud.region"}, - {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + {from: "gcp.destination.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.destination.instance.region", to: "cloud.region"}, + {from: "gcp.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.destination.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true }) @@ -288,8 +288,8 @@ function FirewallProcessor(keep_original_message, debug, internalNetworks) { })); builder.Add("setInternalDirection", function(event) { - var srcInstance = event.Get("googlecloud.source.instance"); - var destInstance = event.Get("googlecloud.destination.instance"); + var srcInstance = event.Get("gcp.source.instance"); + var destInstance = event.Get("gcp.destination.instance"); if (srcInstance && destInstance) { event.Put("network.direction", "internal"); } diff --git a/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json index 1d799e8edbc..28a67d649f9 100644 --- a/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json @@ -16,15 +16,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "local-test", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "mysubnet", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "local-test", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "mysubnet", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -33,19 +33,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "remote-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "remote-beats", - "googlecloud.source.vpc.subnetwork_name": "mysubnet", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "remote-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "remote-beats", + "gcp.source.vpc.subnetwork_name": "mysubnet", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 0, @@ -83,15 +83,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "remote-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "remote-beats", - "googlecloud.destination.vpc.subnetwork_name": "mysubnet", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "remote-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "remote-beats", + "gcp.destination.vpc.subnetwork_name": "mysubnet", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -100,19 +100,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "local-test", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "mysubnet", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "local-test", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "mysubnet", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 1153, diff --git a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json index 908b2436bd9..eeba0d7268c 100644 --- a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json @@ -22,26 +22,26 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.destination_range": [ + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 0, @@ -82,15 +82,15 @@ "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", - "googlecloud.destination.vpc.vpc_name": "windows-isolated", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "windows-isolated", + "gcp.destination.vpc.vpc_name": "windows-isolated", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -98,11 +98,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow-rdp" ], "input.type": "log", @@ -146,15 +146,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -163,11 +163,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -213,15 +213,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -230,11 +230,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -278,15 +278,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -295,11 +295,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -343,15 +343,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -360,11 +360,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -410,15 +410,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -427,11 +427,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -477,15 +477,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -494,11 +494,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -544,15 +544,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -561,11 +561,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -611,15 +611,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -628,11 +628,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -678,15 +678,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -695,11 +695,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -745,15 +745,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -762,11 +762,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], "input.type": "log", @@ -818,26 +818,26 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.destination_range": [ + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 12444, @@ -884,26 +884,26 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.destination_range": [ + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.destination_range": [ "8.8.8.0/24" ], - "googlecloud.firewall.rule_details.direction": "EGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.firewall.rule_details.direction": "EGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "ALL" } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 13425, @@ -944,15 +944,15 @@ "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -960,19 +960,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 14407, @@ -1015,15 +1015,15 @@ "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -1031,19 +1031,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 15594, @@ -1086,15 +1086,15 @@ "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", - "googlecloud.destination.vpc.vpc_name": "windows-isolated", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "windows-isolated", + "gcp.destination.vpc.vpc_name": "windows-isolated", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -1102,11 +1102,11 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow-rdp" ], "input.type": "log", @@ -1152,15 +1152,15 @@ "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -1168,19 +1168,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 17858, @@ -1223,15 +1223,15 @@ "allowed" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "ALLOW", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "ALLOW", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -1239,19 +1239,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "allow9200" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 19045, @@ -1294,15 +1294,15 @@ "denied" ], "fileset.name": "firewall", - "googlecloud.destination.instance.project_id": "test-beats", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "test-beats", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.firewall.rule_details.action": "DENY", - "googlecloud.firewall.rule_details.direction": "INGRESS", - "googlecloud.firewall.rule_details.ip_port_info": [ + "gcp.destination.instance.project_id": "test-beats", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "test-beats", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.firewall.rule_details.action": "DENY", + "gcp.firewall.rule_details.direction": "INGRESS", + "gcp.firewall.rule_details.ip_port_info": [ { "ip_protocol": "TCP", "port_range": [ @@ -1311,19 +1311,19 @@ ] } ], - "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.source_range": [ + "gcp.firewall.rule_details.priority": 1000, + "gcp.firewall.rule_details.source_range": [ "0.0.0.0/0" ], - "googlecloud.firewall.rule_details.target_tag": [ + "gcp.firewall.rule_details.target_tag": [ "adrian-test" ], - "googlecloud.source.instance.project_id": "test-beats", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "test-beats", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "test-beats", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "test-beats", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", "input.type": "log", "log.logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall", "log.offset": 20231, diff --git a/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js index c619f888474..0320e44d713 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js +++ b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js @@ -96,13 +96,13 @@ function VPCFlow(keep_original_message, internalNetworks) { {from: "json.src_location.region", to: "source.geo.region_name"}, {from: "json.src_location.city", to: "source.geo.city_name"}, - {from: "json.dest_instance", to: "googlecloud.destination.instance"}, - {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, - {from: "json.src_instance", to: "googlecloud.source.instance"}, - {from: "json.src_vpc", to: "googlecloud.source.vpc"}, + {from: "json.dest_instance", to: "gcp.destination.instance"}, + {from: "json.dest_vpc", to: "gcp.destination.vpc"}, + {from: "json.src_instance", to: "gcp.source.instance"}, + {from: "json.src_vpc", to: "gcp.source.vpc"}, {from: "json.rtt_msec", to: "json.rtt.ms", type: "long"}, - {from: "json", to: "googlecloud.vpcflow"}, + {from: "json", to: "gcp.vpcflow"}, ], mode: "rename", ignore_missing: true, @@ -110,9 +110,9 @@ function VPCFlow(keep_original_message, internalNetworks) { // Delete emtpy object's whose fields have been renamed leaving them childless. var dropEmptyObjects = function (evt) { - evt.Delete("googlecloud.vpcflow.connection"); - evt.Delete("googlecloud.vpcflow.dest_location"); - evt.Delete("googlecloud.vpcflow.src_location"); + evt.Delete("gcp.vpcflow.connection"); + evt.Delete("gcp.vpcflow.dest_location"); + evt.Delete("gcp.vpcflow.src_location"); }; // Copy the source/destination.address to source/destination.ip if they are @@ -127,22 +127,22 @@ function VPCFlow(keep_original_message, internalNetworks) { var setCloudFromDestInstance = new processor.Convert({ fields: [ - {from: "googlecloud.destination.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.destination.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.destination.instance.region", to: "cloud.region"}, - {from: "googlecloud.destination.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.destination.vpc.subnetwork_name", to: "network.name"}, + {from: "gcp.destination.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.destination.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.destination.instance.region", to: "cloud.region"}, + {from: "gcp.destination.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.destination.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true, }); var setCloudFromSrcInstance = new processor.Convert({ fields: [ - {from: "googlecloud.source.instance.project_id", to: "cloud.project.id"}, - {from: "googlecloud.source.instance.vm_name", to: "cloud.instance.name"}, - {from: "googlecloud.source.instance.region", to: "cloud.region"}, - {from: "googlecloud.source.instance.zone", to: "cloud.availability_zone"}, - {from: "googlecloud.source.vpc.subnetwork_name", to: "network.name"}, + {from: "gcp.source.instance.project_id", to: "cloud.project.id"}, + {from: "gcp.source.instance.vm_name", to: "cloud.instance.name"}, + {from: "gcp.source.instance.region", to: "cloud.region"}, + {from: "gcp.source.instance.zone", to: "cloud.availability_zone"}, + {from: "gcp.source.vpc.subnetwork_name", to: "network.name"}, ], ignore_missing: true, }); @@ -150,7 +150,7 @@ function VPCFlow(keep_original_message, internalNetworks) { // Set the cloud metadata fields based on the instance that reported the // event. var setCloudMetadata = function(evt) { - var reporter = evt.Get("googlecloud.vpcflow.reporter"); + var reporter = evt.Get("gcp.vpcflow.reporter"); if (reporter === "DEST") { setCloudFromDestInstance.Run(evt); @@ -190,8 +190,8 @@ function VPCFlow(keep_original_message, internalNetworks) { }; var setNetworkDirection = function(event) { - var srcInstance = event.Get("googlecloud.source.instance"); - var destInstance = event.Get("googlecloud.destination.instance"); + var srcInstance = event.Get("gcp.source.instance"); + var destInstance = event.Get("gcp.destination.instance"); var direction = "unknown"; if (srcInstance && destInstance) { diff --git a/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json index b9d0250b9be..da74fec40d6 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json @@ -19,14 +19,14 @@ "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 0, @@ -71,20 +71,20 @@ "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 934, @@ -135,20 +135,20 @@ "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 201, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 2084, @@ -197,13 +197,13 @@ "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 3237, @@ -250,14 +250,14 @@ "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 4210, @@ -302,14 +302,14 @@ "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 5143, @@ -356,20 +356,20 @@ "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 6078, @@ -420,20 +420,20 @@ "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 3, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 3, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 7229, @@ -478,20 +478,20 @@ "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 8378, @@ -539,20 +539,20 @@ "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 3, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 3, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 9529, @@ -600,13 +600,13 @@ "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 10679, @@ -655,20 +655,20 @@ "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 201, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 11654, @@ -716,20 +716,20 @@ "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 192, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 192, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 12806, @@ -780,20 +780,20 @@ "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 13959, @@ -841,20 +841,20 @@ "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 15109, @@ -902,20 +902,20 @@ "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 16259, @@ -960,14 +960,14 @@ "event.start": "2019-06-14T03:40:17.343890802Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 17408, @@ -1011,14 +1011,14 @@ "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 18297, @@ -1068,20 +1068,20 @@ "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 19233, @@ -1130,14 +1130,14 @@ "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 220, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 220, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 20383, @@ -1185,20 +1185,20 @@ "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 192, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 192, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 21370, @@ -1242,14 +1242,14 @@ "event.start": "2019-06-14T03:40:17.306085222Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 22524, @@ -1294,14 +1294,14 @@ "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 23412, @@ -1351,20 +1351,20 @@ "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 50, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 50, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 24348, @@ -1409,14 +1409,14 @@ "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 220, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 220, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 25501, @@ -1465,20 +1465,20 @@ "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 26490, @@ -1526,20 +1526,20 @@ "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 50, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 50, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 27641, @@ -1589,14 +1589,14 @@ "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 28793, @@ -1641,14 +1641,14 @@ "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 233, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 233, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 29727, @@ -1700,20 +1700,20 @@ "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 2, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 30719, @@ -1758,14 +1758,14 @@ "event.start": "2019-06-14T03:46:20.634435179Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 31870, @@ -1815,20 +1815,20 @@ "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 311, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 311, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 32809, @@ -1876,20 +1876,20 @@ "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 216, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 216, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 33964, @@ -1938,14 +1938,14 @@ "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 87, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 87, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 35119, @@ -1990,20 +1990,20 @@ "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 311, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 311, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 36107, @@ -2054,20 +2054,20 @@ "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "windows-isolated", - "googlecloud.destination.vpc.vpc_name": "windows-isolated", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 113, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "windows-isolated", + "gcp.destination.vpc.vpc_name": "windows-isolated", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 113, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 37261, @@ -2114,14 +2114,14 @@ "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 38440, @@ -2170,14 +2170,14 @@ "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 219, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 219, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 39374, @@ -2222,20 +2222,20 @@ "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 0, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 0, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 40363, @@ -2286,20 +2286,20 @@ "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 41513, @@ -2344,20 +2344,20 @@ "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 2, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 42677, @@ -2408,20 +2408,20 @@ "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 0, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 0, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 43829, @@ -2466,20 +2466,20 @@ "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 44980, @@ -2527,20 +2527,20 @@ "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 216, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 216, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 46132, @@ -2590,14 +2590,14 @@ "event.start": "2019-06-14T03:46:20.634545217Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 47286, @@ -2646,14 +2646,14 @@ "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 89, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 89, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 48223, @@ -2698,14 +2698,14 @@ "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 49211, @@ -2752,14 +2752,14 @@ "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 219, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 219, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 50147, @@ -2812,14 +2812,14 @@ "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 86, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 86, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 51137, @@ -2864,20 +2864,20 @@ "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "windows-isolated", - "googlecloud.source.vpc.vpc_name": "windows-isolated", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 113, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "windows-isolated", + "gcp.source.vpc.vpc_name": "windows-isolated", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 113, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 52125, @@ -2925,20 +2925,20 @@ "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 53305, @@ -2989,20 +2989,20 @@ "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 144, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 144, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 54470, @@ -3047,14 +3047,14 @@ "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 86, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 86, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 55625, @@ -3103,14 +3103,14 @@ "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 87, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 87, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 56614, @@ -3159,14 +3159,14 @@ "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 57603, @@ -3215,14 +3215,14 @@ "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 58539, @@ -3271,14 +3271,14 @@ "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 233, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 233, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 59473, @@ -3323,20 +3323,20 @@ "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 144, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 144, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 60463, @@ -3387,20 +3387,20 @@ "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 61617, @@ -3445,14 +3445,14 @@ "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 89, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 89, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 62768, @@ -3501,14 +3501,14 @@ "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 63757, @@ -3555,14 +3555,14 @@ "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 64693, @@ -3609,20 +3609,20 @@ "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 224, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 224, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 65631, @@ -3672,14 +3672,14 @@ "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 66784, @@ -3724,14 +3724,14 @@ "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 67720, @@ -3778,20 +3778,20 @@ "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 2, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 68656, @@ -3841,14 +3841,14 @@ "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 69807, @@ -3896,20 +3896,20 @@ "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 70741, @@ -3957,20 +3957,20 @@ "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 15, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 15, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 71891, @@ -4015,20 +4015,20 @@ "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 230, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 230, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 73042, @@ -4079,20 +4079,20 @@ "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 224, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 224, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 74194, @@ -4139,14 +4139,14 @@ "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 43, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 43, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 75348, @@ -4191,20 +4191,20 @@ "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 253, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 253, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 76282, @@ -4252,14 +4252,14 @@ "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 77435, @@ -4306,20 +4306,20 @@ "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 15, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 15, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 78373, @@ -4367,14 +4367,14 @@ "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 43, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 43, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 79525, @@ -4421,14 +4421,14 @@ "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 80461, @@ -4477,14 +4477,14 @@ "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 81397, @@ -4531,14 +4531,14 @@ "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 82331, @@ -4585,14 +4585,14 @@ "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 83265, @@ -4637,14 +4637,14 @@ "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 84201, @@ -4693,14 +4693,14 @@ "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 85139, @@ -4748,20 +4748,20 @@ "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 2, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 2, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 86073, @@ -4809,20 +4809,20 @@ "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 16, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 16, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 87223, @@ -4867,14 +4867,14 @@ "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 88374, @@ -4921,20 +4921,20 @@ "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 16, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 16, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 89310, @@ -4984,14 +4984,14 @@ "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 90462, @@ -5038,14 +5038,14 @@ "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 91398, @@ -5090,14 +5090,14 @@ "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 92332, @@ -5144,20 +5144,20 @@ "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 1, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 1, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 93268, @@ -5208,20 +5208,20 @@ "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 230, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 230, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 94419, @@ -5269,20 +5269,20 @@ "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 253, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 253, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 95572, @@ -5330,20 +5330,20 @@ "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 109, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 109, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 96724, @@ -5391,20 +5391,20 @@ "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-central1", - "googlecloud.destination.instance.zone": "us-central1-a", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-central1", + "gcp.destination.instance.zone": "us-central1-a", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 97878, @@ -5452,20 +5452,20 @@ "event.start": "2019-06-14T03:40:08.150481417Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 194, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 194, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 99041, @@ -5510,20 +5510,20 @@ "event.start": "2019-06-14T03:40:06.075859688Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 11, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 11, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 100195, @@ -5571,20 +5571,20 @@ "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-central1", - "googlecloud.source.instance.zone": "us-central1-a", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 36, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-central1", + "gcp.source.instance.zone": "us-central1-a", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 36, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 101347, @@ -5635,20 +5635,20 @@ "event.start": "2019-06-14T03:40:20.513551480Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "SRC", - "googlecloud.vpcflow.rtt.ms": 142, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "SRC", + "gcp.vpcflow.rtt.ms": 142, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 102512, @@ -5693,20 +5693,20 @@ "event.start": "2019-06-14T03:40:08.480430427Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 201, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 201, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 103665, @@ -5754,20 +5754,20 @@ "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", - "googlecloud.destination.instance.project_id": "my-sample-project", - "googlecloud.destination.instance.region": "us-east1", - "googlecloud.destination.instance.zone": "us-east1-b", - "googlecloud.destination.vpc.project_id": "my-sample-project", - "googlecloud.destination.vpc.subnetwork_name": "default", - "googlecloud.destination.vpc.vpc_name": "default", - "googlecloud.source.instance.project_id": "my-sample-project", - "googlecloud.source.instance.region": "us-east1", - "googlecloud.source.instance.zone": "us-east1-b", - "googlecloud.source.vpc.project_id": "my-sample-project", - "googlecloud.source.vpc.subnetwork_name": "default", - "googlecloud.source.vpc.vpc_name": "default", - "googlecloud.vpcflow.reporter": "DEST", - "googlecloud.vpcflow.rtt.ms": 109, + "gcp.destination.instance.project_id": "my-sample-project", + "gcp.destination.instance.region": "us-east1", + "gcp.destination.instance.zone": "us-east1-b", + "gcp.destination.vpc.project_id": "my-sample-project", + "gcp.destination.vpc.subnetwork_name": "default", + "gcp.destination.vpc.vpc_name": "default", + "gcp.source.instance.project_id": "my-sample-project", + "gcp.source.instance.region": "us-east1", + "gcp.source.instance.zone": "us-east1-b", + "gcp.source.vpc.project_id": "my-sample-project", + "gcp.source.vpc.subnetwork_name": "default", + "gcp.source.vpc.vpc_name": "default", + "gcp.vpcflow.reporter": "DEST", + "gcp.vpcflow.rtt.ms": 109, "input.type": "log", "log.logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows", "log.offset": 104817,