diff --git a/README.md b/README.md index 077e76735..5952f75d1 100644 --- a/README.md +++ b/README.md @@ -126,7 +126,7 @@ For details on how to create a new package, review the [HOWTO guide](https://git _Context: global_ -Use this command as a exploratory tool to dump assets relevant for the package. +Use this command as an exploratory tool to dump resources from Elastic Stack (objects installed as part of package and agent policies). ### `elastic-package export` diff --git a/cmd/dump.go b/cmd/dump.go index 9c9285905..000fb9bd6 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -5,44 +5,65 @@ package cmd import ( + "fmt" + "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/elastic/elastic-package/internal/cobraext" "github.com/elastic/elastic-package/internal/dump" "github.com/elastic/elastic-package/internal/elasticsearch" + "github.com/elastic/elastic-package/internal/kibana" ) -const dumpLongDescription = `Use this command as a exploratory tool to dump assets relevant for the package.` +const dumpLongDescription = `Use this command as an exploratory tool to dump resources from Elastic Stack (objects installed as part of package and agent policies).` const dumpInstalledObjectsLongDescription = `Use this command to dump objects installed by Fleet as part of a package. -Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` +Use this command as an exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` + +const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies created by Fleet as part of a package installation. + +Use this command as an exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing. + +If no flag is provided, by default this command dumps all agent policies created by Fleet. + +If --package flag is provided, this command dumps all agent policies that the given package has been assigned to it.` func setupDumpCommand() *cobraext.Command { dumpInstalledObjectsCmd := &cobra.Command{ Use: "installed-objects", Short: "Dump objects installed in the stack", Long: dumpInstalledObjectsLongDescription, - RunE: dumpInstalledObjectsCmd, + RunE: dumpInstalledObjectsCmdAction, } dumpInstalledObjectsCmd.Flags().Bool(cobraext.TLSSkipVerifyFlagName, false, cobraext.TLSSkipVerifyFlagDescription) + dumpInstalledObjectsCmd.Flags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) + dumpInstalledObjectsCmd.MarkFlagRequired(cobraext.PackageFlagName) + + dumpAgentPoliciesCmd := &cobra.Command{ + Use: "agent-policies", + Short: "Dump agent policies defined in the stack", + Long: dumpAgentPoliciesLongDescription, + RunE: dumpAgentPoliciesCmdAction, + } + dumpAgentPoliciesCmd.Flags().StringP(cobraext.AgentPolicyFlagName, "", "", cobraext.AgentPolicyDescription) + dumpAgentPoliciesCmd.Flags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) cmd := &cobra.Command{ Use: "dump", Short: "Dump package assets", Long: dumpLongDescription, } - cmd.PersistentFlags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) - cmd.MarkFlagRequired(cobraext.PackageFlagName) cmd.PersistentFlags().StringP(cobraext.DumpOutputFlagName, "o", "package-dump", cobraext.DumpOutputFlagDescription) cmd.AddCommand(dumpInstalledObjectsCmd) + cmd.AddCommand(dumpAgentPoliciesCmd) return cobraext.NewCommand(cmd, cobraext.ContextGlobal) } -func dumpInstalledObjectsCmd(cmd *cobra.Command, args []string) error { +func dumpInstalledObjectsCmdAction(cmd *cobra.Command, args []string) error { packageName, err := cmd.Flags().GetString(cobraext.PackageFlagName) if err != nil { return cobraext.FlagParsingError(err, cobraext.PackageFlagName) @@ -76,3 +97,66 @@ func dumpInstalledObjectsCmd(cmd *cobra.Command, args []string) error { cmd.Printf("Dumped %d installed objects for package %s to %s\n", n, packageName, outputPath) return nil } + +func dumpAgentPoliciesCmdAction(cmd *cobra.Command, args []string) error { + packageName, err := cmd.Flags().GetString(cobraext.PackageFlagName) + if err != nil { + return cobraext.FlagParsingError(err, cobraext.PackageFlagName) + } + + agentPolicy, err := cmd.Flags().GetString(cobraext.AgentPolicyFlagName) + if err != nil { + return cobraext.FlagParsingError(err, cobraext.AgentPolicyFlagName) + } + + outputPath, err := cmd.Flags().GetString(cobraext.DumpOutputFlagName) + if err != nil { + return cobraext.FlagParsingError(err, cobraext.DumpOutputFlagName) + } + + tlsSkipVerify, _ := cmd.Flags().GetBool(cobraext.TLSSkipVerifyFlagName) + + var clientOptions []kibana.ClientOption + if tlsSkipVerify { + clientOptions = append(clientOptions, kibana.TLSSkipVerify()) + } + kibanaClient, err := kibana.NewClient(clientOptions...) + if err != nil { + return errors.Wrap(err, "failed to initialize Kibana client") + } + + switch { + case agentPolicy != "" && packageName != "": + return fmt.Errorf("agent-policy and package parameters cannot be set at the same time") + case agentPolicy != "": + dumper := dump.NewAgentPoliciesDumper(kibanaClient) + err = dumper.DumpByName(cmd.Context(), outputPath, agentPolicy) + if err != nil { + return errors.Wrap(err, "dump failed") + } + cmd.Printf("Dumped agent policy %s to %s\n", agentPolicy, outputPath) + case packageName != "": + dumper := dump.NewAgentPoliciesDumper(kibanaClient) + count, err := dumper.DumpByPackage(cmd.Context(), outputPath, packageName) + if err != nil { + return errors.Wrap(err, "dump failed") + } + if count != 0 { + cmd.Printf("Dumped %d agent policies filtering by package name %s to %s\n", count, packageName, outputPath) + } else { + cmd.Printf("No agent policies were found filtering by package name %s\n", packageName) + } + default: + dumper := dump.NewAgentPoliciesDumper(kibanaClient) + count, err := dumper.DumpAll(cmd.Context(), outputPath) + if err != nil { + return errors.Wrap(err, "dump failed") + } + if count != 0 { + cmd.Printf("Dumped %d agent policies to %s\n", count, outputPath) + } else { + cmd.Printf("No agent policies were found\n") + } + } + return nil +} diff --git a/internal/cobraext/flags.go b/internal/cobraext/flags.go index 401bf5af1..9a6aad5cf 100644 --- a/internal/cobraext/flags.go +++ b/internal/cobraext/flags.go @@ -23,6 +23,9 @@ const ( // Flag names and descriptions used by CLI commands const ( + AgentPolicyFlagName = "agent-policy" + AgentPolicyDescription = "name of the agent policy" + BuildZipFlagName = "zip" BuildZipFlagDescription = "archive the built package" diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go new file mode 100644 index 000000000..579360bfd --- /dev/null +++ b/internal/dump/agentpolicies.go @@ -0,0 +1,150 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package dump + +import ( + "context" + "encoding/json" + "fmt" + "path/filepath" + + "github.com/elastic/elastic-package/internal/common" + "github.com/elastic/elastic-package/internal/kibana" +) + +const AgentPoliciesDumpDir = "agent_policies" + +// AgentPoliciesDumper discovers and dumps agent policies in Fleet +type AgentPoliciesDumper struct { + client *kibana.Client +} + +type AgentPolicy struct { + name string + raw json.RawMessage +} + +func (p AgentPolicy) Name() string { + return p.name +} + +func (p AgentPolicy) JSON() []byte { + return p.raw +} + +// NewAgentPoliciesDumper creates an AgentPoliciesDumper +func NewAgentPoliciesDumper(client *kibana.Client) *AgentPoliciesDumper { + return &AgentPoliciesDumper{ + client: client, + } +} + +func (d *AgentPoliciesDumper) getAgentPolicy(ctx context.Context, name string) (*AgentPolicy, error) { + policy, err := d.client.GetRawPolicy(name) + if err != nil { + return nil, err + } + return &AgentPolicy{name: name, raw: policy}, nil +} + +func (d *AgentPoliciesDumper) DumpByName(ctx context.Context, dir, name string) error { + agentPolicy, err := d.getAgentPolicy(ctx, name) + if err != nil { + return fmt.Errorf("failed to get agent policy: %w", err) + } + + dir = filepath.Join(dir, AgentPoliciesDumpDir) + err = dumpJSONResource(dir, agentPolicy) + if err != nil { + return fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) + } + return nil +} + +func (d *AgentPoliciesDumper) getAllAgentPolicies(ctx context.Context) ([]AgentPolicy, error) { + return d.getAgentPoliciesFilteredByPackage(ctx, "") +} + +type packagePolicy struct { + ID string `json:"id"` + Name string `json:"name"` + Package struct { + Name string `json:"name"` + Title string `json:"title"` + Version string `json:"version"` + } `json:"package"` +} + +func getPackagesUsingAgentPolicy(packagePolicies []packagePolicy) []string { + var packageNames []string + for _, packagePolicy := range packagePolicies { + packageNames = append(packageNames, packagePolicy.Package.Name) + } + return packageNames +} + +func (d *AgentPoliciesDumper) getAgentPoliciesFilteredByPackage(ctx context.Context, packageName string) ([]AgentPolicy, error) { + rawPolicies, err := d.client.ListRawPolicies() + + if err != nil { + return nil, err + } + + var policyPackages struct { + ID string `json:"id"` + PackagePolicies []packagePolicy `json:"package_policies"` + } + + var policies []AgentPolicy + + for _, policy := range rawPolicies { + err = json.Unmarshal(policy, &policyPackages) + if err != nil { + return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) + } + if packageName != "" { + packageNames := getPackagesUsingAgentPolicy(policyPackages.PackagePolicies) + if !common.StringSliceContains(packageNames, packageName) { + continue + } + } + + agentPolicy := AgentPolicy{name: policyPackages.ID, raw: policy} + policies = append(policies, agentPolicy) + } + return policies, nil +} + +func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count int, err error) { + agentPolicies, err := d.getAllAgentPolicies(ctx) + if err != nil { + return 0, fmt.Errorf("failed to get agent policy: %w", err) + } + + dir = filepath.Join(dir, AgentPoliciesDumpDir) + for _, agentPolicy := range agentPolicies { + err := dumpJSONResource(dir, agentPolicy) + if err != nil { + return 0, fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) + } + } + return len(agentPolicies), nil +} + +func (d *AgentPoliciesDumper) DumpByPackage(ctx context.Context, dir, packageName string) (count int, err error) { + agentPolicies, err := d.getAgentPoliciesFilteredByPackage(ctx, packageName) + if err != nil { + return 0, fmt.Errorf("failed to get agent policy: %w", err) + } + + dir = filepath.Join(dir, AgentPoliciesDumpDir) + for _, agentPolicy := range agentPolicies { + err := dumpJSONResource(dir, agentPolicy) + if err != nil { + return 0, fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) + } + } + return len(agentPolicies), nil +} diff --git a/internal/dump/agentpolicies_test.go b/internal/dump/agentpolicies_test.go new file mode 100644 index 000000000..d60f105ab --- /dev/null +++ b/internal/dump/agentpolicies_test.go @@ -0,0 +1,161 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package dump + +import ( + "context" + "errors" + "os" + "testing" + + "github.com/stretchr/testify/suite" + + "github.com/elastic/elastic-package/internal/kibana" +) + +func TestDumpAgentPolicies(t *testing.T) { + // Files for each suite are recorded automatically on first test run. + // To add a new suite: + // - Configure it here. + // - Add the needed agent policies or add new integrations in new or existing agent policies in a running stack. + // - Configure environment variables for this stack (eval "$(elastic-package stack shellinit)"). + // - Run tests. + // - Check that recorded files make sense and commit them. + suites := []*agentPoliciesDumpSuite{ + &agentPoliciesDumpSuite{ + AgentPolicy: "499b5aa7-d214-5b5d-838b-3cd76469844e", + PackageName: "nginx", + RecordDir: "./testdata/fleet-7-mock-dump-all", + DumpDirAll: "./testdata/fleet-7-dump/all", + DumpDirPackage: "./testdata/fleet-7-dump/package", + DumpDirAgentPolicy: "./testdata/fleet-7-dump/agentpolicy", + }, + &agentPoliciesDumpSuite{ + AgentPolicy: "fleet-server-policy", + PackageName: "nginx", + RecordDir: "./testdata/fleet-8-mock-dump-all", + DumpDirAll: "./testdata/fleet-8-dump/all", + DumpDirPackage: "./testdata/fleet-8-dump/package", + DumpDirAgentPolicy: "./testdata/fleet-8-dump/agentpolicy", + }, + } + + for _, s := range suites { + suite.Run(t, s) + } +} + +type agentPoliciesDumpSuite struct { + suite.Suite + + // PackageName is the name of the package to filter agent policies. + AgentPolicy string + + // AgentPolicy is the name of the agent policy to look for. + PackageName string + + // RecordDir is where responses from Kibana are recorded. + RecordDir string + + // DumpDirAll is where the expected dumped files are stored when looking for all agent policies. + DumpDirAll string + + // DumpDirPackage is where the expected dumped files are stored when filtering by package the agent policies. + DumpDirPackage string + + // DumpDirAgentPolicy is where the expected dumped files are stored when looking for a specific agent policy. + DumpDirAgentPolicy string +} + +func (s *agentPoliciesDumpSuite) SetupTest() { + _, err := os.Stat(s.DumpDirAll) + if errors.Is(err, os.ErrNotExist) { + client, err := kibana.NewClient() + s.Require().NoError(err) + + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpAll(context.Background(), s.DumpDirAll) + s.Require().NoError(err) + s.Require().Greater(n, 0) + } else { + s.Require().NoError(err) + } + + _, err = os.Stat(s.DumpDirPackage) + if errors.Is(err, os.ErrNotExist) { + client, err := kibana.NewClient() + s.Require().NoError(err) + + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpByPackage(context.Background(), s.DumpDirPackage, s.PackageName) + s.Require().NoError(err) + s.Require().Greater(n, 0) + } else { + s.Require().NoError(err) + } + + _, err = os.Stat(s.DumpDirAgentPolicy) + if errors.Is(err, os.ErrNotExist) { + client, err := kibana.NewClient() + s.Require().NoError(err) + + dumper := NewAgentPoliciesDumper(client) + err = dumper.DumpByName(context.Background(), s.DumpDirAgentPolicy, s.AgentPolicy) + s.Require().NoError(err) + } else { + s.Require().NoError(err) + } +} + +func (s *agentPoliciesDumpSuite) TestDumpAll() { + client := kibana.NewTestClient(s.T(), s.RecordDir) + + outputDir := s.T().TempDir() + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpAll(context.Background(), outputDir) + s.Require().NoError(err) + + filesExpected := countFiles(s.T(), s.DumpDirAll) + s.Assert().Equal(filesExpected, n) + + filesFound := countFiles(s.T(), outputDir) + s.Assert().Equal(filesExpected, filesFound) + + assertEqualDumps(s.T(), s.DumpDirAll, outputDir) +} + +func (s *agentPoliciesDumpSuite) TestDumpByPackage() { + client := kibana.NewTestClient(s.T(), s.RecordDir) + + outputDir := s.T().TempDir() + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpByPackage(context.Background(), outputDir, s.PackageName) + s.Require().NoError(err) + + filesExpected := countFiles(s.T(), s.DumpDirPackage) + s.Assert().Equal(filesExpected, n) + + filesFound := countFiles(s.T(), outputDir) + s.Assert().Equal(filesExpected, filesFound) + + assertEqualDumps(s.T(), s.DumpDirPackage, outputDir) +} + +func (s *agentPoliciesDumpSuite) TestDumpByName() { + client := kibana.NewTestClient(s.T(), s.RecordDir) + + outputDir := s.T().TempDir() + dumper := NewAgentPoliciesDumper(client) + err := dumper.DumpByName(context.Background(), outputDir, s.AgentPolicy) + s.Require().NoError(err) + + filesExpected := countFiles(s.T(), s.DumpDirAgentPolicy) + s.Assert().Equal(filesExpected, 1) + + filesFound := countFiles(s.T(), outputDir) + s.Assert().Equal(filesExpected, filesFound) + + assertEqualDumps(s.T(), s.DumpDirAgentPolicy, outputDir) +} diff --git a/internal/dump/installedobjects.go b/internal/dump/installedobjects.go index c3f099410..5bbcf9f78 100644 --- a/internal/dump/installedobjects.go +++ b/internal/dump/installedobjects.go @@ -5,12 +5,8 @@ package dump import ( - "bytes" "context" - "encoding/json" "fmt" - "io/ioutil" - "os" "path/filepath" "github.com/elastic/elastic-package/internal/common" @@ -72,36 +68,6 @@ func (e *InstalledObjectsDumper) DumpAll(ctx context.Context, dir string) (count return count, nil } -type DumpableInstalledObject interface { - Name() string - JSON() []byte -} - -func dumpInstalledObject(dir string, object DumpableInstalledObject) error { - if err := os.MkdirAll(dir, 0755); err != nil { - return fmt.Errorf("failed to create dump directory: %w", err) - } - formatted, err := formatJSON(object.JSON()) - if err != nil { - return fmt.Errorf("failed to format JSON object: %w", err) - } - path := filepath.Join(dir, object.Name()+".json") - err = ioutil.WriteFile(path, formatted, 0644) - if err != nil { - return fmt.Errorf("failed to dump object to file: %w", err) - } - return nil -} - -func formatJSON(in []byte) ([]byte, error) { - var buf bytes.Buffer - err := json.Indent(&buf, in, "", " ") - if err != nil { - return nil, err - } - return buf.Bytes(), nil -} - func (e *InstalledObjectsDumper) dumpIndexTemplates(ctx context.Context, dir string) (count int, err error) { indexTemplates, err := e.getIndexTemplates(ctx) if err != nil { @@ -110,7 +76,7 @@ func (e *InstalledObjectsDumper) dumpIndexTemplates(ctx context.Context, dir str dir = filepath.Join(dir, IndexTemplatesDumpDir) for i, t := range indexTemplates { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump index template %s: %w", t.Name(), err) } @@ -138,7 +104,7 @@ func (e *InstalledObjectsDumper) dumpComponentTemplates(ctx context.Context, dir dir = filepath.Join(dir, ComponentTemplatesDumpDir) for i, t := range componentTemplates { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump component template %s: %w", t.Name(), err) } @@ -187,7 +153,7 @@ func (e *InstalledObjectsDumper) dumpILMPolicies(ctx context.Context, dir string dir = filepath.Join(dir, ILMPoliciesDumpDir) for i, t := range ilmPolicies { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump ILM policy %s: %w", t.Name(), err) } @@ -231,7 +197,7 @@ func (e *InstalledObjectsDumper) dumpIngestPipelines(ctx context.Context, dir st dir = filepath.Join(dir, IngestPipelinesDumpDir) for i, t := range ingestPipelines { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump ingest pipeline %s: %w", t.Name(), err) } diff --git a/internal/dump/json.go b/internal/dump/json.go new file mode 100644 index 000000000..c655a2b19 --- /dev/null +++ b/internal/dump/json.go @@ -0,0 +1,44 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package dump + +import ( + "bytes" + "encoding/json" + "fmt" + "io/ioutil" + "os" + "path/filepath" +) + +type DumpableJSONResource interface { + Name() string + JSON() []byte +} + +func dumpJSONResource(dir string, object DumpableJSONResource) error { + if err := os.MkdirAll(dir, 0755); err != nil { + return fmt.Errorf("failed to create dump directory: %w", err) + } + formatted, err := formatJSON(object.JSON()) + if err != nil { + return fmt.Errorf("failed to format JSON object: %w", err) + } + path := filepath.Join(dir, object.Name()+".json") + err = ioutil.WriteFile(path, formatted, 0644) + if err != nil { + return fmt.Errorf("failed to dump object to file: %w", err) + } + return nil +} + +func formatJSON(in []byte) ([]byte, error) { + var buf bytes.Buffer + err := json.Indent(&buf, in, "", " ") + if err != nil { + return nil, err + } + return buf.Bytes(), nil +} diff --git a/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json new file mode 100644 index 000000000..e76912f49 --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -0,0 +1,77 @@ +{ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" + } + ] +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json new file mode 100644 index 000000000..006683e24 --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json @@ -0,0 +1,676 @@ +{ + "id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:39.755Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-system-policy", + "version": "WzYxNywxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system-policy", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system-policy", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system-policy", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system-policy" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system-policy", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system-policy", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system-policy", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system-policy", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system-policy", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system-policy", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system-policy", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system-policy", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system-policy" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:38.837Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:38.837Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json new file mode 100644 index 000000000..8a268d4b8 --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -0,0 +1,78 @@ +{ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..9dfdad45e --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" + }, + { + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..3accc582b --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" + }, + { + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..9dfdad45e --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" + }, + { + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..3accc582b --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" + }, + { + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json new file mode 100644 index 000000000..629734ee4 --- /dev/null +++ b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -0,0 +1 @@ +{"item":{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}]}} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json new file mode 100644 index 000000000..61c779910 --- /dev/null +++ b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json @@ -0,0 +1 @@ +{"items":[{"id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:26:16.891Z","updated_by":"elastic","package_policies":[{"id":"0483a039-2f91-4d47-b43c-4623cadd5f27","version":"WzEyNTcsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:25:42.095Z","created_by":"elastic","updated_at":"2022-06-27T19:25:42.095Z","updated_by":"elastic"},{"id":"c864461b-b8d3-48e0-b477-7954434078b5","version":"WzE1MTgsMV0=","name":"nginx-load-balancers-testt","description":"","namespace":"default","policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:26:16.169Z","created_by":"elastic","updated_at":"2022-06-27T19:26:16.169Z","updated_by":"elastic"}],"agents":0},{"id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","name":"HTTP servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:24:39.501Z","updated_by":"elastic","package_policies":[{"id":"7a0e17cf-e39e-4846-911d-c1e4322ff358","version":"Wzg4OSwxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:24:09.017Z","created_by":"elastic","updated_at":"2022-06-27T19:24:09.017Z","updated_by":"elastic"},{"id":"95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","version":"Wzk5NSwxXQ==","name":"nginx-http-servers-test","description":"","namespace":"default","policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:24:38.498Z","created_by":"elastic","updated_at":"2022-06-27T19:24:38.498Z","updated_by":"elastic"}],"agents":0},{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}],"agents":1},{"id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default policy","description":"Default agent policy created by Kibana","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:39.755Z","updated_by":"system","package_policies":[{"id":"default-system-policy","version":"WzYxNywxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system-policy","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system-policy","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system-policy","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system-policy","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system-policy","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system-policy"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system-policy","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system-policy","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system-policy","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system-policy","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system-policy","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system-policy","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system-policy","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system-policy","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system-policy","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system-policy","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system-policy","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system-policy"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:19:38.837Z","created_by":"system","updated_at":"2022-06-27T19:19:38.837Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json new file mode 100644 index 000000000..3f56889e7 --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json @@ -0,0 +1,75 @@ +{ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" + } + ] +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..d2d31e1da --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" + }, + { + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..60cbdaa91 --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" + }, + { + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json new file mode 100644 index 000000000..ca549c5ee --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json @@ -0,0 +1,675 @@ +{ + "id": "elastic-agent-managed-ep", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Elastic-Agent (elastic-package)", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:01.360Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-system", + "version": "WzYyMiwxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "elastic-agent-managed-ep", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-default-system", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:00.403Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:00.403Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json new file mode 100644 index 000000000..c9dcf5bcd --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json @@ -0,0 +1,76 @@ +{ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..d2d31e1da --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" + }, + { + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..60cbdaa91 --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" + }, + { + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json new file mode 100644 index 000000000..65e418446 --- /dev/null +++ b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json @@ -0,0 +1 @@ +{"item":{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}]}} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json new file mode 100644 index 000000000..7247809d6 --- /dev/null +++ b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json @@ -0,0 +1 @@ +{"items":[{"id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:59.587Z","updated_by":"elastic","package_policies":[{"id":"a09f2609-9e8b-4b48-998f-ce99340da027","version":"WzEzMjAsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:33:55.519Z","created_by":"elastic","updated_at":"2022-06-27T15:33:55.519Z","updated_by":"elastic"},{"id":"46331ee9-90a9-4b1f-b568-98641e9bafc9","version":"WzEzMjIsMV0=","name":"nginx-load-balancers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:58.606Z","created_by":"elastic","updated_at":"2022-06-27T15:33:58.606Z","updated_by":"elastic"}],"agents":0},{"id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"HTTP servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:05.252Z","updated_by":"elastic","package_policies":[{"id":"863e86ed-8d12-466c-a6b9-b5c3769f4f80","version":"WzkyMywxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:32:53.484Z","created_by":"elastic","updated_at":"2022-06-27T15:32:53.484Z","updated_by":"elastic"},{"id":"9be915b0-9b9b-45e2-adfc-37f18b64d468","version":"WzEwMjIsMV0=","name":"nginx-http-servers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:04.248Z","created_by":"elastic","updated_at":"2022-06-27T15:33:04.248Z","updated_by":"elastic"}],"agents":0},{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}],"agents":1},{"id":"elastic-agent-managed-ep","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Elastic-Agent (elastic-package)","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:01.360Z","updated_by":"system","package_policies":[{"id":"default-system","version":"WzYyMiwxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"elastic-agent-managed-ep","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:31:00.403Z","created_by":"system","updated_at":"2022-06-27T15:31:00.403Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20} \ No newline at end of file diff --git a/internal/kibana/httptest.go b/internal/kibana/httptest.go new file mode 100644 index 000000000..4830292e8 --- /dev/null +++ b/internal/kibana/httptest.go @@ -0,0 +1,72 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package kibana + +import ( + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/stretchr/testify/require" +) + +// NewTestClient returns a client for a testing http server that uses prerecorded +// responses. If responses are not found, it forwards the query to the server started by +// elastic-package stack, and records the response. +// Responses are recorded in the directory indicated by serverDataDir. +func NewTestClient(t *testing.T, serverDataDir string) *Client { + server := testKibanaServer(t, serverDataDir) + t.Cleanup(func() { server.Close() }) + + client, err := NewClient( + Address(server.URL), + ) + require.NoError(t, err) + + return client +} + +func testKibanaServer(t *testing.T, mockServerDir string) *httptest.Server { + return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + t.Log(r.Method, r.URL.String()) + f := filepath.Join(mockServerDir, pathForURL(r.URL.String())) + if _, err := os.Stat(f); err != nil { + recordRequest(t, r, f) + } + http.ServeFile(w, r, f) + })) +} + +var pathReplacer = strings.NewReplacer("/", "-", "*", "_", "?", ".", "&", ".") + +// FIXME duplicated in internal/elasticsearch/test/http_test.go +func pathForURL(url string) string { + clean := strings.Trim(url, "/") + if len(clean) == 0 { + return "root.json" + } + return pathReplacer.Replace(clean) + ".json" +} + +func recordRequest(t *testing.T, r *http.Request, path string) { + client, err := NewClient() + require.NoError(t, err) + + t.Logf("Recording %s in %s", r.URL.RequestURI(), path) + status, respBody, err := client.get(r.URL.RequestURI()) + require.Equal(t, 200, status) + require.NoError(t, err) + + os.MkdirAll(filepath.Dir(path), 0755) + f, err := os.Create(path) + require.NoError(t, err) + defer f.Close() + + _, err = f.Write(respBody) + require.NoError(t, err) +} diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index 86bc2bf02..11df8543a 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -14,7 +14,7 @@ import ( "github.com/elastic/elastic-package/internal/packages" ) -// Policy represents an Ingest Manager policy. +// Policy represents an Agent Policy in Fleet. type Policy struct { ID string `json:"id,omitempty"` Name string `json:"name"` @@ -23,7 +23,7 @@ type Policy struct { Revision int `json:"revision,omitempty"` } -// CreatePolicy persists the given Policy in the Ingest Manager. +// CreatePolicy persists the given Policy in Fleet. func (c *Client) CreatePolicy(p Policy) (*Policy, error) { reqBody, err := json.Marshal(p) if err != nil { @@ -50,7 +50,7 @@ func (c *Client) CreatePolicy(p Policy) (*Policy, error) { return &resp.Item, nil } -// GetPolicy fetches the given Policy in the Ingest Manager. +// GetPolicy fetches the given Policy in Fleet. func (c *Client) GetPolicy(policyID string) (*Policy, error) { statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) if err != nil { @@ -72,7 +72,63 @@ func (c *Client) GetPolicy(policyID string) (*Policy, error) { return &resp.Item, nil } -// DeletePolicy removes the given Policy from the Ingest Manager. +// GetRawPolicy fetches the given Policy with all the fields in Fleet. +func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) + if err != nil { + return nil, errors.Wrap(err, "could not get policy") + } + + if statusCode != http.StatusOK { + return nil, fmt.Errorf("could not get policy; API status code = %d; response body = %s", statusCode, respBody) + } + + var resp struct { + Item json.RawMessage `json:"item"` + } + + if err := json.Unmarshal(respBody, &resp); err != nil { + return nil, errors.Wrap(err, "could not convert policy (response) to JSON") + } + + return resp.Item, nil +} + +// ListRawPolicies fetches all the Policies in Fleet. +func (c *Client) ListRawPolicies() ([]json.RawMessage, error) { + itemsRetrieved := 0 + currentPage := 1 + var items []json.RawMessage + var resp struct { + Items []json.RawMessage `json:"items"` + Total int `json:"total"` + Page int `json:"page"` + PerPage int `json:"perPage"` + } + + for finished := false; !finished; finished = itemsRetrieved == resp.Total { + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true&page=%d", FleetAPI, currentPage)) + if err != nil { + return nil, errors.Wrap(err, "could not get policies") + } + + if statusCode != http.StatusOK { + return nil, fmt.Errorf("could not get policies; API status code = %d; response body = %s", statusCode, respBody) + } + + if err := json.Unmarshal(respBody, &resp); err != nil { + return nil, errors.Wrap(err, "could not convert policies (response) to JSON") + } + + itemsRetrieved += len(resp.Items) + currentPage += 1 + items = append(items, resp.Items...) + } + + return items, nil +} + +// DeletePolicy removes the given Policy from Fleet. func (c *Client) DeletePolicy(p Policy) error { reqBody := `{ "agentPolicyId": "` + p.ID + `" }` @@ -123,7 +179,7 @@ type Input struct { } // PackageDataStream represents a request to add a single package's single data stream to a -// Policy in Ingest Manager. +// Policy in Fleet. type PackageDataStream struct { Name string `json:"name"` Description string `json:"description"` @@ -139,7 +195,7 @@ type PackageDataStream struct { } `json:"package"` } -// AddPackageDataStreamToPolicy adds a PackageDataStream to a Policy in Ingest Manager. +// AddPackageDataStreamToPolicy adds a PackageDataStream to a Policy in Fleet. func (c *Client) AddPackageDataStreamToPolicy(r PackageDataStream) error { reqBody, err := json.Marshal(r) if err != nil {