From 4b3a1c67f7cb76751df0ea5d5d87cb748461497a Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 21 Jun 2022 18:29:45 +0200 Subject: [PATCH 01/27] Rename dump installed objects action --- cmd/dump.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index 9c9285905..7e75641e2 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -24,7 +24,7 @@ func setupDumpCommand() *cobraext.Command { Use: "installed-objects", Short: "Dump objects installed in the stack", Long: dumpInstalledObjectsLongDescription, - RunE: dumpInstalledObjectsCmd, + RunE: dumpInstalledObjectsCmdAction, } dumpInstalledObjectsCmd.Flags().Bool(cobraext.TLSSkipVerifyFlagName, false, cobraext.TLSSkipVerifyFlagDescription) @@ -42,7 +42,7 @@ func setupDumpCommand() *cobraext.Command { return cobraext.NewCommand(cmd, cobraext.ContextGlobal) } -func dumpInstalledObjectsCmd(cmd *cobra.Command, args []string) error { +func dumpInstalledObjectsCmdAction(cmd *cobra.Command, args []string) error { packageName, err := cmd.Flags().GetString(cobraext.PackageFlagName) if err != nil { return cobraext.FlagParsingError(err, cobraext.PackageFlagName) From e8be6c80d23a3a278e1a3e8dec206c989a048484 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Wed, 22 Jun 2022 17:39:58 +0200 Subject: [PATCH 02/27] Add new subcommand to dump agent policies --- cmd/dump.go | 58 +++++++++++++++- internal/cobraext/flags.go | 3 + internal/dump/agentpolicies.go | 123 +++++++++++++++++++++++++++++++++ internal/kibana/policies.go | 44 ++++++++++++ 4 files changed, 227 insertions(+), 1 deletion(-) create mode 100644 internal/dump/agentpolicies.go diff --git a/cmd/dump.go b/cmd/dump.go index 7e75641e2..455861283 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -11,6 +11,7 @@ import ( "github.com/elastic/elastic-package/internal/cobraext" "github.com/elastic/elastic-package/internal/dump" "github.com/elastic/elastic-package/internal/elasticsearch" + "github.com/elastic/elastic-package/internal/kibana" ) const dumpLongDescription = `Use this command as a exploratory tool to dump assets relevant for the package.` @@ -19,6 +20,10 @@ const dumpInstalledObjectsLongDescription = `Use this command to dump objects in Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` +const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies installed by Fleet as part of a package. + +Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` + func setupDumpCommand() *cobraext.Command { dumpInstalledObjectsCmd := &cobra.Command{ Use: "installed-objects", @@ -27,6 +32,15 @@ func setupDumpCommand() *cobraext.Command { RunE: dumpInstalledObjectsCmdAction, } dumpInstalledObjectsCmd.Flags().Bool(cobraext.TLSSkipVerifyFlagName, false, cobraext.TLSSkipVerifyFlagDescription) + // dumpInstalledObjectsCmd.MarkFlagRequired(cobraext.PackageFlagName) // TODO: required for dumping agent policies? + + dumpAgentPoliciesCmd := &cobra.Command{ + Use: "agent-policies", + Short: "Dump agent policies defined in the stack", + Long: dumpAgentPoliciesLongDescription, + RunE: dumpAgentPoliciesCmdAction, + } + dumpAgentPoliciesCmd.Flags().StringP(cobraext.AgentPolicyFlagName, "", "", cobraext.AgentPolicyDescription) cmd := &cobra.Command{ Use: "dump", @@ -34,10 +48,11 @@ func setupDumpCommand() *cobraext.Command { Long: dumpLongDescription, } cmd.PersistentFlags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) - cmd.MarkFlagRequired(cobraext.PackageFlagName) + cmd.MarkFlagRequired(cobraext.PackageFlagName) // TODO: required for dumping agent policies? cmd.PersistentFlags().StringP(cobraext.DumpOutputFlagName, "o", "package-dump", cobraext.DumpOutputFlagDescription) cmd.AddCommand(dumpInstalledObjectsCmd) + cmd.AddCommand(dumpAgentPoliciesCmd) return cobraext.NewCommand(cmd, cobraext.ContextGlobal) } @@ -76,3 +91,44 @@ func dumpInstalledObjectsCmdAction(cmd *cobra.Command, args []string) error { cmd.Printf("Dumped %d installed objects for package %s to %s\n", n, packageName, outputPath) return nil } + +func dumpAgentPoliciesCmdAction(cmd *cobra.Command, args []string) error { + agentPolicy, err := cmd.Flags().GetString(cobraext.AgentPolicyFlagName) + if err != nil { + return cobraext.FlagParsingError(err, cobraext.AgentPolicyFlagName) + } + + outputPath, err := cmd.Flags().GetString(cobraext.DumpOutputFlagName) + if err != nil { + return cobraext.FlagParsingError(err, cobraext.DumpOutputFlagName) + } + + tlsSkipVerify, _ := cmd.Flags().GetBool(cobraext.TLSSkipVerifyFlagName) + + var clientOptions []kibana.ClientOption + if tlsSkipVerify { + clientOptions = append(clientOptions, kibana.TLSSkipVerify()) + } + kibanaClient, err := kibana.NewClient(clientOptions...) + if err != nil { + return errors.Wrap(err, "failed to initialize Kibana client") + } + + switch { + case agentPolicy != "": + dumper := dump.NewAgentPolicyDumper(kibanaClient, agentPolicy) + err = dumper.DumpAgentPolicy(cmd.Context(), outputPath) + if err != nil { + return errors.Wrap(err, "dump failed") + } + cmd.Printf("Dumped agent policy %s to %s\n", agentPolicy, outputPath) + default: + dumper := dump.NewAgentPoliciesDumper(kibanaClient) + count, err := dumper.DumpAll(cmd.Context(), outputPath) + if err != nil { + return errors.Wrap(err, "dump failed") + } + cmd.Printf("Dumped %s agent policies to %s\n", count, outputPath) + } + return nil +} diff --git a/internal/cobraext/flags.go b/internal/cobraext/flags.go index 401bf5af1..9a6aad5cf 100644 --- a/internal/cobraext/flags.go +++ b/internal/cobraext/flags.go @@ -23,6 +23,9 @@ const ( // Flag names and descriptions used by CLI commands const ( + AgentPolicyFlagName = "agent-policy" + AgentPolicyDescription = "name of the agent policy" + BuildZipFlagName = "zip" BuildZipFlagDescription = "archive the built package" diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go new file mode 100644 index 000000000..6b15ad677 --- /dev/null +++ b/internal/dump/agentpolicies.go @@ -0,0 +1,123 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package dump + +import ( + "context" + "encoding/json" + "fmt" + "path/filepath" + + "github.com/elastic/elastic-package/internal/kibana" +) + +const AgentPoliciesDumpDir = "agent_policies" + +type AgentPolicyDumper struct { + name string + client *kibana.Client + + policy *AgentPolicy +} + +type AgentPoliciesDumper struct { + client *kibana.Client + + policies []AgentPolicy +} + +type AgentPolicy struct { + name string + raw json.RawMessage +} + +func (p AgentPolicy) Name() string { + return p.name +} + +func (p AgentPolicy) JSON() []byte { + return p.raw +} + +func NewAgentPolicyDumper(client *kibana.Client, agentPolicy string) *AgentPolicyDumper { + return &AgentPolicyDumper{ + name: agentPolicy, + client: client, + } +} + +func NewAgentPoliciesDumper(client *kibana.Client) *AgentPoliciesDumper { + return &AgentPoliciesDumper{ + client: client, + } +} + +func (d *AgentPolicyDumper) getAgentPolicy(ctx context.Context) (*AgentPolicy, error) { + if d.policy == nil { + policy, err := d.client.GetRawPolicy(d.name) + + if err != nil { + return nil, err + } + agentPolicy := AgentPolicy{name: d.name, raw: policy} + d.policy = &agentPolicy + } + return d.policy, nil +} + +func (d *AgentPolicyDumper) DumpAgentPolicy(ctx context.Context, dir string) error { + agentPolicy, err := d.getAgentPolicy(ctx) + if err != nil { + return fmt.Errorf("failed to get agent policy: %w", err) + } + + dir = filepath.Join(dir, AgentPoliciesDumpDir) + err = dumpInstalledObject(dir, agentPolicy) + if err != nil { + return fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) + } + return nil +} + +func (d *AgentPoliciesDumper) getAllAgentPolicies(ctx context.Context) ([]AgentPolicy, error) { + if len(d.policies) == 0 { + fmt.Printf("Getting all agent policies") + policies, err := d.client.ListRawPolicy() + + if err != nil { + return nil, err + } + + var policyName struct { + ID string `json:"id"` + } + + for _, policy := range policies { + err = json.Unmarshal(policy, &policyName) + if err != nil { + return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) + } + agentPolicy := AgentPolicy{name: policyName.ID, raw: policy} + d.policies = append(d.policies, agentPolicy) + } + } + return d.policies, nil +} + +func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count int, err error) { + agentPolicies, err := d.getAllAgentPolicies(ctx) + if err != nil { + return 0, fmt.Errorf("failed to get agent policy: %w", err) + } + + dir = filepath.Join(dir, AgentPoliciesDumpDir) + for _, agentPolicy := range agentPolicies { + err := dumpInstalledObject(dir, agentPolicy) + if err != nil { + return 0, fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) + } + } + return len(agentPolicies), nil +} diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index 86bc2bf02..5ee94e294 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -72,6 +72,50 @@ func (c *Client) GetPolicy(policyID string) (*Policy, error) { return &resp.Item, nil } +// GetRawPolicy fetches the given Policy with all the fields in the Ingest Manager. +func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) + if err != nil { + return nil, errors.Wrap(err, "could not get policy") + } + + if statusCode != http.StatusOK { + return nil, fmt.Errorf("could not get policy; API status code = %d; response body = %s", statusCode, respBody) + } + + var resp struct { + Item json.RawMessage `json:"item"` + } + + if err := json.Unmarshal(respBody, &resp); err != nil { + return nil, errors.Wrap(err, "could not convert policy (response) to JSON") + } + + return resp.Item, nil +} + +// ListRawPolicy fetches all the Policies in the Ingest Manager. +func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true", FleetAPI)) + if err != nil { + return nil, errors.Wrap(err, "could not get policy") + } + + if statusCode != http.StatusOK { + return nil, fmt.Errorf("could not get policy; API status code = %d; response body = %s", statusCode, respBody) + } + + var resp struct { + Items []json.RawMessage `json:"items"` + } + + if err := json.Unmarshal(respBody, &resp); err != nil { + return nil, errors.Wrap(err, "could not convert policy (response) to JSON") + } + + return resp.Items, nil +} + // DeletePolicy removes the given Policy from the Ingest Manager. func (c *Client) DeletePolicy(p Policy) error { reqBody := `{ "agentPolicyId": "` + p.ID + `" }` From ab1f310a9cd395fc41f6e8089dcd19f6d4ee1f8f Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Wed, 22 Jun 2022 18:26:23 +0200 Subject: [PATCH 03/27] Add parameter to get agent policies using some package --- cmd/dump.go | 14 ++++++- internal/dump/agentpolicies.go | 69 +++++++++++++++++++++++++++++++++- 2 files changed, 81 insertions(+), 2 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index 455861283..446145aa0 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -93,6 +93,11 @@ func dumpInstalledObjectsCmdAction(cmd *cobra.Command, args []string) error { } func dumpAgentPoliciesCmdAction(cmd *cobra.Command, args []string) error { + packageName, err := cmd.Flags().GetString(cobraext.PackageFlagName) + if err != nil { + return cobraext.FlagParsingError(err, cobraext.PackageFlagName) + } + agentPolicy, err := cmd.Flags().GetString(cobraext.AgentPolicyFlagName) if err != nil { return cobraext.FlagParsingError(err, cobraext.AgentPolicyFlagName) @@ -122,13 +127,20 @@ func dumpAgentPoliciesCmdAction(cmd *cobra.Command, args []string) error { return errors.Wrap(err, "dump failed") } cmd.Printf("Dumped agent policy %s to %s\n", agentPolicy, outputPath) + case packageName != "": + dumper := dump.NewAgentPoliciesDumper(kibanaClient) + count, err := dumper.DumpAgentPoliciesFileteredByPackage(cmd.Context(), packageName, outputPath) + if err != nil { + return errors.Wrap(err, "dump failed") + } + cmd.Printf("Dumped %d agent policies filtering by package name %s to %s\n", count, packageName, outputPath) default: dumper := dump.NewAgentPoliciesDumper(kibanaClient) count, err := dumper.DumpAll(cmd.Context(), outputPath) if err != nil { return errors.Wrap(err, "dump failed") } - cmd.Printf("Dumped %s agent policies to %s\n", count, outputPath) + cmd.Printf("Dumped %d agent policies to %s\n", count, outputPath) } return nil } diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index 6b15ad677..fbff3bb24 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -10,6 +10,7 @@ import ( "fmt" "path/filepath" + "github.com/elastic/elastic-package/internal/common" "github.com/elastic/elastic-package/internal/kibana" ) @@ -83,7 +84,6 @@ func (d *AgentPolicyDumper) DumpAgentPolicy(ctx context.Context, dir string) err func (d *AgentPoliciesDumper) getAllAgentPolicies(ctx context.Context) ([]AgentPolicy, error) { if len(d.policies) == 0 { - fmt.Printf("Getting all agent policies") policies, err := d.client.ListRawPolicy() if err != nil { @@ -106,6 +106,57 @@ func (d *AgentPoliciesDumper) getAllAgentPolicies(ctx context.Context) ([]AgentP return d.policies, nil } +type packagePolicy struct { + ID string `json:"id"` + Name string `json:"name"` + Package struct { + Name string `json:"name"` + Title string `json:"title"` + Version string `json:"version"` + } `json:"package"` +} + +func getPackagesUsingAgentPolicy(packagePolicies []packagePolicy) []string { + var packageNames []string + for _, packagePolicy := range packagePolicies { + packageNames = append(packageNames, packagePolicy.Package.Name) + } + return packageNames +} + +func (d *AgentPoliciesDumper) getAgentPoliciesFilteredByPackage(ctx context.Context, packageName string) ([]AgentPolicy, error) { + if len(d.policies) == 0 { + policies, err := d.client.ListRawPolicy() + + if err != nil { + return nil, err + } + + var policyPackages struct { + ID string `json:"id"` + PackagePolicies []packagePolicy `json:"package_policies"` + } + + for _, policy := range policies { + err = json.Unmarshal(policy, &policyPackages) + if err != nil { + return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) + } + packageNames := getPackagesUsingAgentPolicy(policyPackages.PackagePolicies) + fmt.Printf("package Name %s\n", packageName) + fmt.Printf("packageNames %s\n", packageNames) + fmt.Printf("Struct package policies %+v\n", policyPackages.PackagePolicies) + if !common.StringSliceContains(packageNames, packageName) { + continue + } + + agentPolicy := AgentPolicy{name: policyPackages.ID, raw: policy} + d.policies = append(d.policies, agentPolicy) + } + } + return d.policies, nil +} + func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count int, err error) { agentPolicies, err := d.getAllAgentPolicies(ctx) if err != nil { @@ -121,3 +172,19 @@ func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count in } return len(agentPolicies), nil } + +func (d *AgentPoliciesDumper) DumpAgentPoliciesFileteredByPackage(ctx context.Context, packageName, dir string) (count int, err error) { + agentPolicies, err := d.getAgentPoliciesFilteredByPackage(ctx, packageName) + if err != nil { + return 0, fmt.Errorf("failed to get agent policy: %w", err) + } + + dir = filepath.Join(dir, AgentPoliciesDumpDir) + for _, agentPolicy := range agentPolicies { + err := dumpInstalledObject(dir, agentPolicy) + if err != nil { + return 0, fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) + } + } + return len(agentPolicies), nil +} From 469fe8cf66ed04c63f9bf9595e5de7cee05fd4dc Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Wed, 22 Jun 2022 18:34:16 +0200 Subject: [PATCH 04/27] Rephrase long descriptions --- cmd/dump.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index 446145aa0..637585d18 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -20,9 +20,9 @@ const dumpInstalledObjectsLongDescription = `Use this command to dump objects in Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` -const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies installed by Fleet as part of a package. +const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies created by Fleet as part of a package installation. -Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` +Use this command as a exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing.` func setupDumpCommand() *cobraext.Command { dumpInstalledObjectsCmd := &cobra.Command{ @@ -32,7 +32,6 @@ func setupDumpCommand() *cobraext.Command { RunE: dumpInstalledObjectsCmdAction, } dumpInstalledObjectsCmd.Flags().Bool(cobraext.TLSSkipVerifyFlagName, false, cobraext.TLSSkipVerifyFlagDescription) - // dumpInstalledObjectsCmd.MarkFlagRequired(cobraext.PackageFlagName) // TODO: required for dumping agent policies? dumpAgentPoliciesCmd := &cobra.Command{ Use: "agent-policies", From 9bb50ffb11fdfcf153f0b798d874b34962f1c90a Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Wed, 22 Jun 2022 19:15:48 +0200 Subject: [PATCH 05/27] Remove debug prints --- internal/dump/agentpolicies.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index fbff3bb24..df7ecf186 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -143,9 +143,6 @@ func (d *AgentPoliciesDumper) getAgentPoliciesFilteredByPackage(ctx context.Cont return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) } packageNames := getPackagesUsingAgentPolicy(policyPackages.PackagePolicies) - fmt.Printf("package Name %s\n", packageName) - fmt.Printf("packageNames %s\n", packageNames) - fmt.Printf("Struct package policies %+v\n", policyPackages.PackagePolicies) if !common.StringSliceContains(packageNames, packageName) { continue } From c33295dbece7314c4e4cc49c89519c583f6e36ba Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 12:48:28 +0200 Subject: [PATCH 06/27] Comment reviews --- cmd/dump.go | 24 ++++++++++++++++------ internal/dump/agentpolicies.go | 37 +++++++++++++++------------------- 2 files changed, 34 insertions(+), 27 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index 637585d18..d8da551dc 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -22,7 +22,11 @@ Use this command as a exploratory tool to dump objects as they are installed by const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies created by Fleet as part of a package installation. -Use this command as a exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing.` +Use this command as a exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing. + +If no flag is provided, by default this command dumps all agent policies created by Fleet. + +If --package flag is provided, this command dumps all agent policies that the given package has been assigned to it.` func setupDumpCommand() *cobraext.Command { dumpInstalledObjectsCmd := &cobra.Command{ @@ -120,26 +124,34 @@ func dumpAgentPoliciesCmdAction(cmd *cobra.Command, args []string) error { switch { case agentPolicy != "": - dumper := dump.NewAgentPolicyDumper(kibanaClient, agentPolicy) + dumper := dump.NewAgentPoliciesDumper(kibanaClient, &agentPolicy) err = dumper.DumpAgentPolicy(cmd.Context(), outputPath) if err != nil { return errors.Wrap(err, "dump failed") } cmd.Printf("Dumped agent policy %s to %s\n", agentPolicy, outputPath) case packageName != "": - dumper := dump.NewAgentPoliciesDumper(kibanaClient) + dumper := dump.NewAgentPoliciesDumper(kibanaClient, nil) count, err := dumper.DumpAgentPoliciesFileteredByPackage(cmd.Context(), packageName, outputPath) if err != nil { return errors.Wrap(err, "dump failed") } - cmd.Printf("Dumped %d agent policies filtering by package name %s to %s\n", count, packageName, outputPath) + if count != 0 { + cmd.Printf("Dumped %d agent policies filtering by package name %s to %s\n", count, packageName, outputPath) + } else { + cmd.Printf("No agent policies were found filtering by package name %s\n", packageName) + } default: - dumper := dump.NewAgentPoliciesDumper(kibanaClient) + dumper := dump.NewAgentPoliciesDumper(kibanaClient, nil) count, err := dumper.DumpAll(cmd.Context(), outputPath) if err != nil { return errors.Wrap(err, "dump failed") } - cmd.Printf("Dumped %d agent policies to %s\n", count, outputPath) + if count != 0 { + cmd.Printf("Dumped %d agent policies to %s\n", count, outputPath) + } else { + cmd.Printf("No agent policies were found\n") + } } return nil } diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index df7ecf186..5e1cbff64 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -16,14 +16,8 @@ import ( const AgentPoliciesDumpDir = "agent_policies" -type AgentPolicyDumper struct { - name string - client *kibana.Client - - policy *AgentPolicy -} - type AgentPoliciesDumper struct { + name *string client *kibana.Client policies []AgentPolicy @@ -42,33 +36,32 @@ func (p AgentPolicy) JSON() []byte { return p.raw } -func NewAgentPolicyDumper(client *kibana.Client, agentPolicy string) *AgentPolicyDumper { - return &AgentPolicyDumper{ - name: agentPolicy, - client: client, +func NewAgentPoliciesDumper(client *kibana.Client, agentPolicy *string) *AgentPoliciesDumper { + if agentPolicy != nil { + return &AgentPoliciesDumper{ + name: agentPolicy, + client: client, + } } -} - -func NewAgentPoliciesDumper(client *kibana.Client) *AgentPoliciesDumper { return &AgentPoliciesDumper{ client: client, } } -func (d *AgentPolicyDumper) getAgentPolicy(ctx context.Context) (*AgentPolicy, error) { - if d.policy == nil { - policy, err := d.client.GetRawPolicy(d.name) +func (d *AgentPoliciesDumper) getAgentPolicy(ctx context.Context) (*AgentPolicy, error) { + if len(d.policies) == 0 { + policy, err := d.client.GetRawPolicy(*d.name) if err != nil { return nil, err } - agentPolicy := AgentPolicy{name: d.name, raw: policy} - d.policy = &agentPolicy + d.policies = append(d.policies, AgentPolicy{name: *d.name, raw: policy}) } - return d.policy, nil + return &d.policies[0], nil } -func (d *AgentPolicyDumper) DumpAgentPolicy(ctx context.Context, dir string) error { +func (d *AgentPoliciesDumper) DumpAgentPolicy(ctx context.Context, dir string) error { + d.policies = nil agentPolicy, err := d.getAgentPolicy(ctx) if err != nil { return fmt.Errorf("failed to get agent policy: %w", err) @@ -155,6 +148,7 @@ func (d *AgentPoliciesDumper) getAgentPoliciesFilteredByPackage(ctx context.Cont } func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count int, err error) { + d.policies = nil agentPolicies, err := d.getAllAgentPolicies(ctx) if err != nil { return 0, fmt.Errorf("failed to get agent policy: %w", err) @@ -171,6 +165,7 @@ func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count in } func (d *AgentPoliciesDumper) DumpAgentPoliciesFileteredByPackage(ctx context.Context, packageName, dir string) (count int, err error) { + d.policies = nil agentPolicies, err := d.getAgentPoliciesFilteredByPackage(ctx, packageName) if err != nil { return 0, fmt.Errorf("failed to get agent policy: %w", err) From d813be90eddc47a6071c60636b33fafc892495d1 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 12:59:13 +0200 Subject: [PATCH 07/27] Set required package flag just for installed-objects subcommand --- cmd/dump.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index d8da551dc..b6a69085f 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -36,6 +36,8 @@ func setupDumpCommand() *cobraext.Command { RunE: dumpInstalledObjectsCmdAction, } dumpInstalledObjectsCmd.Flags().Bool(cobraext.TLSSkipVerifyFlagName, false, cobraext.TLSSkipVerifyFlagDescription) + dumpInstalledObjectsCmd.Flags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) + dumpInstalledObjectsCmd.MarkFlagRequired(cobraext.PackageFlagName) dumpAgentPoliciesCmd := &cobra.Command{ Use: "agent-policies", @@ -44,14 +46,14 @@ func setupDumpCommand() *cobraext.Command { RunE: dumpAgentPoliciesCmdAction, } dumpAgentPoliciesCmd.Flags().StringP(cobraext.AgentPolicyFlagName, "", "", cobraext.AgentPolicyDescription) + dumpAgentPoliciesCmd.Flags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) cmd := &cobra.Command{ Use: "dump", Short: "Dump package assets", Long: dumpLongDescription, } - cmd.PersistentFlags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) - cmd.MarkFlagRequired(cobraext.PackageFlagName) // TODO: required for dumping agent policies? + // cmd.PersistentFlags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) cmd.PersistentFlags().StringP(cobraext.DumpOutputFlagName, "o", "package-dump", cobraext.DumpOutputFlagDescription) cmd.AddCommand(dumpInstalledObjectsCmd) From c175000057c696969418fe77625d83a8c1d477e6 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 13:21:45 +0200 Subject: [PATCH 08/27] Add pagination support to list all agent policies --- internal/kibana/policies.go | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index 5ee94e294..3265d0d3c 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -96,24 +96,37 @@ func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { // ListRawPolicy fetches all the Policies in the Ingest Manager. func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { - statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true", FleetAPI)) - if err != nil { - return nil, errors.Wrap(err, "could not get policy") + itemsRetrieved := 0 + currentPage := 1 + var items []json.RawMessage + var resp struct { + Items []json.RawMessage `json:"items"` + Total int `json:"total"` + Page int `json:"page"` + PerPage int `json:"perPage"` } - if statusCode != http.StatusOK { - return nil, fmt.Errorf("could not get policy; API status code = %d; response body = %s", statusCode, respBody) - } + for finished := false; !finished; finished = itemsRetrieved == resp.Total { + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true&page=%d&perPage=1", FleetAPI, currentPage)) + fmt.Printf("Querying currentPage %d\n", currentPage) + if err != nil { + return nil, errors.Wrap(err, "could not get policies") + } - var resp struct { - Items []json.RawMessage `json:"items"` - } + if statusCode != http.StatusOK { + return nil, fmt.Errorf("could not get policies; API status code = %d; response body = %s", statusCode, respBody) + } - if err := json.Unmarshal(respBody, &resp); err != nil { - return nil, errors.Wrap(err, "could not convert policy (response) to JSON") + if err := json.Unmarshal(respBody, &resp); err != nil { + return nil, errors.Wrap(err, "could not convert policies (response) to JSON") + } + + itemsRetrieved += len(resp.Items) + currentPage += 1 + items = append(items, resp.Items...) } - return resp.Items, nil + return items, nil } // DeletePolicy removes the given Policy from the Ingest Manager. From 62e51fc25d0eda23a69e18aefd41a8a9766229e4 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 13:24:34 +0200 Subject: [PATCH 09/27] Remove debug statements --- cmd/dump.go | 1 - internal/kibana/policies.go | 1 - 2 files changed, 2 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index b6a69085f..f015b3d64 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -53,7 +53,6 @@ func setupDumpCommand() *cobraext.Command { Short: "Dump package assets", Long: dumpLongDescription, } - // cmd.PersistentFlags().StringP(cobraext.PackageFlagName, cobraext.PackageFlagShorthand, "", cobraext.PackageFlagDescription) cmd.PersistentFlags().StringP(cobraext.DumpOutputFlagName, "o", "package-dump", cobraext.DumpOutputFlagDescription) cmd.AddCommand(dumpInstalledObjectsCmd) diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index 3265d0d3c..ebdbd06a5 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -108,7 +108,6 @@ func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { for finished := false; !finished; finished = itemsRetrieved == resp.Total { statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true&page=%d&perPage=1", FleetAPI, currentPage)) - fmt.Printf("Querying currentPage %d\n", currentPage) if err != nil { return nil, errors.Wrap(err, "could not get policies") } From 80a61b0d2ffe711909981c293d6b9a3185b0fbe6 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 16:13:25 +0200 Subject: [PATCH 10/27] Changes from review --- cmd/dump.go | 14 +++++++++----- internal/dump/agentpolicies.go | 21 +++++++-------------- internal/kibana/policies.go | 2 +- 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index f015b3d64..b69c8502b 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -5,6 +5,8 @@ package cmd import ( + "fmt" + "github.com/pkg/errors" "github.com/spf13/cobra" @@ -124,16 +126,18 @@ func dumpAgentPoliciesCmdAction(cmd *cobra.Command, args []string) error { } switch { + case agentPolicy != "" && packageName != "": + return fmt.Errorf("agent-policy and package parameters cannot be set at the same time") case agentPolicy != "": - dumper := dump.NewAgentPoliciesDumper(kibanaClient, &agentPolicy) - err = dumper.DumpAgentPolicy(cmd.Context(), outputPath) + dumper := dump.NewAgentPoliciesDumper(kibanaClient) + err = dumper.DumpByName(cmd.Context(), outputPath, agentPolicy) if err != nil { return errors.Wrap(err, "dump failed") } cmd.Printf("Dumped agent policy %s to %s\n", agentPolicy, outputPath) case packageName != "": - dumper := dump.NewAgentPoliciesDumper(kibanaClient, nil) - count, err := dumper.DumpAgentPoliciesFileteredByPackage(cmd.Context(), packageName, outputPath) + dumper := dump.NewAgentPoliciesDumper(kibanaClient) + count, err := dumper.DumpByPackage(cmd.Context(), outputPath, packageName) if err != nil { return errors.Wrap(err, "dump failed") } @@ -143,7 +147,7 @@ func dumpAgentPoliciesCmdAction(cmd *cobra.Command, args []string) error { cmd.Printf("No agent policies were found filtering by package name %s\n", packageName) } default: - dumper := dump.NewAgentPoliciesDumper(kibanaClient, nil) + dumper := dump.NewAgentPoliciesDumper(kibanaClient) count, err := dumper.DumpAll(cmd.Context(), outputPath) if err != nil { return errors.Wrap(err, "dump failed") diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index 5e1cbff64..7646dba1f 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -17,7 +17,6 @@ import ( const AgentPoliciesDumpDir = "agent_policies" type AgentPoliciesDumper struct { - name *string client *kibana.Client policies []AgentPolicy @@ -36,33 +35,27 @@ func (p AgentPolicy) JSON() []byte { return p.raw } -func NewAgentPoliciesDumper(client *kibana.Client, agentPolicy *string) *AgentPoliciesDumper { - if agentPolicy != nil { - return &AgentPoliciesDumper{ - name: agentPolicy, - client: client, - } - } +func NewAgentPoliciesDumper(client *kibana.Client) *AgentPoliciesDumper { return &AgentPoliciesDumper{ client: client, } } -func (d *AgentPoliciesDumper) getAgentPolicy(ctx context.Context) (*AgentPolicy, error) { +func (d *AgentPoliciesDumper) getAgentPolicy(ctx context.Context, name string) (*AgentPolicy, error) { if len(d.policies) == 0 { - policy, err := d.client.GetRawPolicy(*d.name) + policy, err := d.client.GetRawPolicy(name) if err != nil { return nil, err } - d.policies = append(d.policies, AgentPolicy{name: *d.name, raw: policy}) + d.policies = append(d.policies, AgentPolicy{name: name, raw: policy}) } return &d.policies[0], nil } -func (d *AgentPoliciesDumper) DumpAgentPolicy(ctx context.Context, dir string) error { +func (d *AgentPoliciesDumper) DumpByName(ctx context.Context, dir, name string) error { d.policies = nil - agentPolicy, err := d.getAgentPolicy(ctx) + agentPolicy, err := d.getAgentPolicy(ctx, name) if err != nil { return fmt.Errorf("failed to get agent policy: %w", err) } @@ -164,7 +157,7 @@ func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count in return len(agentPolicies), nil } -func (d *AgentPoliciesDumper) DumpAgentPoliciesFileteredByPackage(ctx context.Context, packageName, dir string) (count int, err error) { +func (d *AgentPoliciesDumper) DumpByPackage(ctx context.Context, dir, packageName string) (count int, err error) { d.policies = nil agentPolicies, err := d.getAgentPoliciesFilteredByPackage(ctx, packageName) if err != nil { diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index ebdbd06a5..a124d2c03 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -107,7 +107,7 @@ func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { } for finished := false; !finished; finished = itemsRetrieved == resp.Total { - statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true&page=%d&perPage=1", FleetAPI, currentPage)) + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true&page=%d", FleetAPI, currentPage)) if err != nil { return nil, errors.Wrap(err, "could not get policies") } From 898f15f22a9f7afe249be7a96fa4cfbeba4dffc0 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 18:01:18 +0200 Subject: [PATCH 11/27] Rename dumpInstalledObject to be more generic --- internal/dump/agentpolicies.go | 6 +++--- internal/dump/installedobjects.go | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index 7646dba1f..b789c8932 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -61,7 +61,7 @@ func (d *AgentPoliciesDumper) DumpByName(ctx context.Context, dir, name string) } dir = filepath.Join(dir, AgentPoliciesDumpDir) - err = dumpInstalledObject(dir, agentPolicy) + err = dumpJSONResource(dir, agentPolicy) if err != nil { return fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) } @@ -149,7 +149,7 @@ func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count in dir = filepath.Join(dir, AgentPoliciesDumpDir) for _, agentPolicy := range agentPolicies { - err := dumpInstalledObject(dir, agentPolicy) + err := dumpJSONResource(dir, agentPolicy) if err != nil { return 0, fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) } @@ -166,7 +166,7 @@ func (d *AgentPoliciesDumper) DumpByPackage(ctx context.Context, dir, packageNam dir = filepath.Join(dir, AgentPoliciesDumpDir) for _, agentPolicy := range agentPolicies { - err := dumpInstalledObject(dir, agentPolicy) + err := dumpJSONResource(dir, agentPolicy) if err != nil { return 0, fmt.Errorf("failed to dump agent policy %s: %w", agentPolicy.Name(), err) } diff --git a/internal/dump/installedobjects.go b/internal/dump/installedobjects.go index c3f099410..f2de84001 100644 --- a/internal/dump/installedobjects.go +++ b/internal/dump/installedobjects.go @@ -77,7 +77,7 @@ type DumpableInstalledObject interface { JSON() []byte } -func dumpInstalledObject(dir string, object DumpableInstalledObject) error { +func dumpJSONResource(dir string, object DumpableInstalledObject) error { if err := os.MkdirAll(dir, 0755); err != nil { return fmt.Errorf("failed to create dump directory: %w", err) } @@ -110,7 +110,7 @@ func (e *InstalledObjectsDumper) dumpIndexTemplates(ctx context.Context, dir str dir = filepath.Join(dir, IndexTemplatesDumpDir) for i, t := range indexTemplates { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump index template %s: %w", t.Name(), err) } @@ -138,7 +138,7 @@ func (e *InstalledObjectsDumper) dumpComponentTemplates(ctx context.Context, dir dir = filepath.Join(dir, ComponentTemplatesDumpDir) for i, t := range componentTemplates { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump component template %s: %w", t.Name(), err) } @@ -187,7 +187,7 @@ func (e *InstalledObjectsDumper) dumpILMPolicies(ctx context.Context, dir string dir = filepath.Join(dir, ILMPoliciesDumpDir) for i, t := range ilmPolicies { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump ILM policy %s: %w", t.Name(), err) } @@ -231,7 +231,7 @@ func (e *InstalledObjectsDumper) dumpIngestPipelines(ctx context.Context, dir st dir = filepath.Join(dir, IngestPipelinesDumpDir) for i, t := range ingestPipelines { - err := dumpInstalledObject(dir, t) + err := dumpJSONResource(dir, t) if err != nil { return i, fmt.Errorf("failed to dump ingest pipeline %s: %w", t.Name(), err) } From fb226d910c56d5e64fa55c43c83562db89c68d07 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 18:01:44 +0200 Subject: [PATCH 12/27] Reuse agent filtering method to get all policies --- internal/dump/agentpolicies.go | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index b789c8932..4d8fae1fc 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -70,24 +70,11 @@ func (d *AgentPoliciesDumper) DumpByName(ctx context.Context, dir, name string) func (d *AgentPoliciesDumper) getAllAgentPolicies(ctx context.Context) ([]AgentPolicy, error) { if len(d.policies) == 0 { - policies, err := d.client.ListRawPolicy() - + policies, err := d.getAgentPoliciesFilteredByPackage(ctx, "") if err != nil { return nil, err } - - var policyName struct { - ID string `json:"id"` - } - - for _, policy := range policies { - err = json.Unmarshal(policy, &policyName) - if err != nil { - return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) - } - agentPolicy := AgentPolicy{name: policyName.ID, raw: policy} - d.policies = append(d.policies, agentPolicy) - } + d.policies = policies } return d.policies, nil } @@ -128,9 +115,11 @@ func (d *AgentPoliciesDumper) getAgentPoliciesFilteredByPackage(ctx context.Cont if err != nil { return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) } - packageNames := getPackagesUsingAgentPolicy(policyPackages.PackagePolicies) - if !common.StringSliceContains(packageNames, packageName) { - continue + if packageName != "" { + packageNames := getPackagesUsingAgentPolicy(policyPackages.PackagePolicies) + if !common.StringSliceContains(packageNames, packageName) { + continue + } } agentPolicy := AgentPolicy{name: policyPackages.ID, raw: policy} From 7e17639de9eeb633e85b803616a77b143dfc6aac Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Thu, 23 Jun 2022 18:04:47 +0200 Subject: [PATCH 13/27] Remove caching for agent policies --- internal/dump/agentpolicies.go | 72 +++++++++++++--------------------- 1 file changed, 28 insertions(+), 44 deletions(-) diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index 4d8fae1fc..0f1c2d1e5 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -18,8 +18,6 @@ const AgentPoliciesDumpDir = "agent_policies" type AgentPoliciesDumper struct { client *kibana.Client - - policies []AgentPolicy } type AgentPolicy struct { @@ -42,19 +40,14 @@ func NewAgentPoliciesDumper(client *kibana.Client) *AgentPoliciesDumper { } func (d *AgentPoliciesDumper) getAgentPolicy(ctx context.Context, name string) (*AgentPolicy, error) { - if len(d.policies) == 0 { - policy, err := d.client.GetRawPolicy(name) - - if err != nil { - return nil, err - } - d.policies = append(d.policies, AgentPolicy{name: name, raw: policy}) + policy, err := d.client.GetRawPolicy(name) + if err != nil { + return nil, err } - return &d.policies[0], nil + return &AgentPolicy{name: name, raw: policy}, nil } func (d *AgentPoliciesDumper) DumpByName(ctx context.Context, dir, name string) error { - d.policies = nil agentPolicy, err := d.getAgentPolicy(ctx, name) if err != nil { return fmt.Errorf("failed to get agent policy: %w", err) @@ -69,14 +62,7 @@ func (d *AgentPoliciesDumper) DumpByName(ctx context.Context, dir, name string) } func (d *AgentPoliciesDumper) getAllAgentPolicies(ctx context.Context) ([]AgentPolicy, error) { - if len(d.policies) == 0 { - policies, err := d.getAgentPoliciesFilteredByPackage(ctx, "") - if err != nil { - return nil, err - } - d.policies = policies - } - return d.policies, nil + return d.getAgentPoliciesFilteredByPackage(ctx, "") } type packagePolicy struct { @@ -98,39 +84,38 @@ func getPackagesUsingAgentPolicy(packagePolicies []packagePolicy) []string { } func (d *AgentPoliciesDumper) getAgentPoliciesFilteredByPackage(ctx context.Context, packageName string) ([]AgentPolicy, error) { - if len(d.policies) == 0 { - policies, err := d.client.ListRawPolicy() + rawPolicies, err := d.client.ListRawPolicy() - if err != nil { - return nil, err - } + if err != nil { + return nil, err + } - var policyPackages struct { - ID string `json:"id"` - PackagePolicies []packagePolicy `json:"package_policies"` - } + var policyPackages struct { + ID string `json:"id"` + PackagePolicies []packagePolicy `json:"package_policies"` + } - for _, policy := range policies { - err = json.Unmarshal(policy, &policyPackages) - if err != nil { - return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) - } - if packageName != "" { - packageNames := getPackagesUsingAgentPolicy(policyPackages.PackagePolicies) - if !common.StringSliceContains(packageNames, packageName) { - continue - } - } + var policies []AgentPolicy - agentPolicy := AgentPolicy{name: policyPackages.ID, raw: policy} - d.policies = append(d.policies, agentPolicy) + for _, policy := range rawPolicies { + err = json.Unmarshal(policy, &policyPackages) + if err != nil { + return nil, fmt.Errorf("failed to get Agent Policy ID: %w", err) } + if packageName != "" { + packageNames := getPackagesUsingAgentPolicy(policyPackages.PackagePolicies) + if !common.StringSliceContains(packageNames, packageName) { + continue + } + } + + agentPolicy := AgentPolicy{name: policyPackages.ID, raw: policy} + policies = append(policies, agentPolicy) } - return d.policies, nil + return policies, nil } func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count int, err error) { - d.policies = nil agentPolicies, err := d.getAllAgentPolicies(ctx) if err != nil { return 0, fmt.Errorf("failed to get agent policy: %w", err) @@ -147,7 +132,6 @@ func (d *AgentPoliciesDumper) DumpAll(ctx context.Context, dir string) (count in } func (d *AgentPoliciesDumper) DumpByPackage(ctx context.Context, dir, packageName string) (count int, err error) { - d.policies = nil agentPolicies, err := d.getAgentPoliciesFilteredByPackage(ctx, packageName) if err != nil { return 0, fmt.Errorf("failed to get agent policy: %w", err) From 862883f725db51b03ad3b73e6bf48cc65f405b45 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Mon, 27 Jun 2022 10:31:02 +0200 Subject: [PATCH 14/27] Rename Ingest Manager to Fleet Check this issue for more info https://github.com/elastic/security-docs/issues/246 --- internal/kibana/policies.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index a124d2c03..15d1fe568 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -14,7 +14,7 @@ import ( "github.com/elastic/elastic-package/internal/packages" ) -// Policy represents an Ingest Manager policy. +// Policy represents an Agent Policy in Fleet. type Policy struct { ID string `json:"id,omitempty"` Name string `json:"name"` @@ -23,7 +23,7 @@ type Policy struct { Revision int `json:"revision,omitempty"` } -// CreatePolicy persists the given Policy in the Ingest Manager. +// CreatePolicy persists the given Policy in Fleet. func (c *Client) CreatePolicy(p Policy) (*Policy, error) { reqBody, err := json.Marshal(p) if err != nil { @@ -50,7 +50,7 @@ func (c *Client) CreatePolicy(p Policy) (*Policy, error) { return &resp.Item, nil } -// GetPolicy fetches the given Policy in the Ingest Manager. +// GetPolicy fetches the given Policy in Fleet. func (c *Client) GetPolicy(policyID string) (*Policy, error) { statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) if err != nil { @@ -72,7 +72,7 @@ func (c *Client) GetPolicy(policyID string) (*Policy, error) { return &resp.Item, nil } -// GetRawPolicy fetches the given Policy with all the fields in the Ingest Manager. +// GetRawPolicy fetches the given Policy with all the fields in Fleet. func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) if err != nil { @@ -94,7 +94,7 @@ func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { return resp.Item, nil } -// ListRawPolicy fetches all the Policies in the Ingest Manager. +// ListRawPolicy fetches all the Policies in Fleet. func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { itemsRetrieved := 0 currentPage := 1 @@ -128,7 +128,7 @@ func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { return items, nil } -// DeletePolicy removes the given Policy from the Ingest Manager. +// DeletePolicy removes the given Policy from Fleet. func (c *Client) DeletePolicy(p Policy) error { reqBody := `{ "agentPolicyId": "` + p.ID + `" }` @@ -179,7 +179,7 @@ type Input struct { } // PackageDataStream represents a request to add a single package's single data stream to a -// Policy in Ingest Manager. +// Policy in Fleet. type PackageDataStream struct { Name string `json:"name"` Description string `json:"description"` @@ -195,7 +195,7 @@ type PackageDataStream struct { } `json:"package"` } -// AddPackageDataStreamToPolicy adds a PackageDataStream to a Policy in Ingest Manager. +// AddPackageDataStreamToPolicy adds a PackageDataStream to a Policy in Fleet. func (c *Client) AddPackageDataStreamToPolicy(r PackageDataStream) error { reqBody, err := json.Marshal(r) if err != nil { From d1262359aca4fc6533c10f00bb740f4601e5f39f Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Mon, 27 Jun 2022 10:44:36 +0200 Subject: [PATCH 15/27] Update dump command descriptions --- cmd/dump.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/dump.go b/cmd/dump.go index b69c8502b..000fb9bd6 100644 --- a/cmd/dump.go +++ b/cmd/dump.go @@ -16,15 +16,15 @@ import ( "github.com/elastic/elastic-package/internal/kibana" ) -const dumpLongDescription = `Use this command as a exploratory tool to dump assets relevant for the package.` +const dumpLongDescription = `Use this command as an exploratory tool to dump resources from Elastic Stack (objects installed as part of package and agent policies).` const dumpInstalledObjectsLongDescription = `Use this command to dump objects installed by Fleet as part of a package. -Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` +Use this command as an exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies created by Fleet as part of a package installation. -Use this command as a exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing. +Use this command as an exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing. If no flag is provided, by default this command dumps all agent policies created by Fleet. From 47fcf74bb6e7f4154fa3e5d1153f94fea69d50d7 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Mon, 27 Jun 2022 10:55:50 +0200 Subject: [PATCH 16/27] Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 077e76735..5952f75d1 100644 --- a/README.md +++ b/README.md @@ -126,7 +126,7 @@ For details on how to create a new package, review the [HOWTO guide](https://git _Context: global_ -Use this command as a exploratory tool to dump assets relevant for the package. +Use this command as an exploratory tool to dump resources from Elastic Stack (objects installed as part of package and agent policies). ### `elastic-package export` From c9af62300c501b26467ddcaa86834a7163271d07 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Mon, 27 Jun 2022 21:32:03 +0200 Subject: [PATCH 17/27] Added tests for agent-policies dump subcommand --- internal/dump/agentpolicies.go | 2 + internal/dump/agentpolicies_test.go | 162 +++ .../499b5aa7-d214-5b5d-838b-3cd76469844e.json | 77 ++ .../2016d7cc-135e-5583-9758-3ba01f5a06e5.json | 676 +++++++++++++ .../499b5aa7-d214-5b5d-838b-3cd76469844e.json | 78 ++ .../b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json | 931 ++++++++++++++++++ .../edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json | 931 ++++++++++++++++++ .../b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json | 931 ++++++++++++++++++ .../edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json | 931 ++++++++++++++++++ ...-499b5aa7-d214-5b5d-838b-3cd76469844e.json | 1 + ...fleet-agent_policies?full=true.page=1.json | 1 + .../agent_policies/fleet-server-policy.json | 75 ++ .../67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 931 ++++++++++++++++++ .../8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 931 ++++++++++++++++++ .../elastic-agent-managed-ep.json | 675 +++++++++++++ .../agent_policies/fleet-server-policy.json | 76 ++ .../67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 931 ++++++++++++++++++ .../8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 931 ++++++++++++++++++ ...et-agent_policies-fleet-server-policy.json | 1 + ...fleet-agent_policies?full=true.page=1.json | 1 + internal/kibana/agents.go | 4 +- internal/kibana/client.go | 2 +- internal/kibana/dashboards.go | 2 +- internal/kibana/injected_metadata.go | 2 +- internal/kibana/policies.go | 6 +- internal/kibana/saved_objects.go | 2 +- internal/kibana/test/httptest.go | 74 ++ 27 files changed, 9356 insertions(+), 9 deletions(-) create mode 100644 internal/dump/agentpolicies_test.go create mode 100644 internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json create mode 100644 internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json create mode 100644 internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json create mode 100644 internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json create mode 100644 internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json create mode 100644 internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json create mode 100644 internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json create mode 100644 internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json create mode 100644 internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json create mode 100644 internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json create mode 100644 internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json create mode 100644 internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json create mode 100644 internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json create mode 100644 internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json create mode 100644 internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json create mode 100644 internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json create mode 100644 internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json create mode 100644 internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json create mode 100644 internal/kibana/test/httptest.go diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index 0f1c2d1e5..71cf889db 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -16,6 +16,7 @@ import ( const AgentPoliciesDumpDir = "agent_policies" +// AgentPoliciesDumper discovers and dumps agent policies in Fleet type AgentPoliciesDumper struct { client *kibana.Client } @@ -33,6 +34,7 @@ func (p AgentPolicy) JSON() []byte { return p.raw } +// NewAgentPoliciesDumper creates an AgentPoliciesDumper func NewAgentPoliciesDumper(client *kibana.Client) *AgentPoliciesDumper { return &AgentPoliciesDumper{ client: client, diff --git a/internal/dump/agentpolicies_test.go b/internal/dump/agentpolicies_test.go new file mode 100644 index 000000000..418d77b46 --- /dev/null +++ b/internal/dump/agentpolicies_test.go @@ -0,0 +1,162 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package dump + +import ( + "context" + "errors" + "os" + "testing" + + "github.com/stretchr/testify/suite" + + "github.com/elastic/elastic-package/internal/kibana" + kibtest "github.com/elastic/elastic-package/internal/kibana/test" +) + +func TestDumpAgentPolicies(t *testing.T) { + // Files for each suite are recorded automatically on first test run. + // To add a new suite: + // - Configure it here. + // - Add the needed agent policies or add new integrations in new or existing agent policies in a running stack. + // - Configure environment variables for this stack (eval "$(elastic-package stack shellinit)"). + // - Run tests. + // - Check that recorded files make sense and commit them. + suites := []*agentPoliciesDumpSuite{ + &agentPoliciesDumpSuite{ + AgentPolicy: "499b5aa7-d214-5b5d-838b-3cd76469844e", + PackageName: "nginx", + RecordDir: "./testdata/fleet-7-mock-dump-all", + DumpDirAll: "./testdata/fleet-7-dump/all", + DumpDirPackage: "./testdata/fleet-7-dump/package", + DumpDirAgentPolicy: "./testdata/fleet-7-dump/agentpolicy", + }, + &agentPoliciesDumpSuite{ + AgentPolicy: "fleet-server-policy", + PackageName: "nginx", + RecordDir: "./testdata/fleet-8-mock-dump-all", + DumpDirAll: "./testdata/fleet-8-dump/all", + DumpDirPackage: "./testdata/fleet-8-dump/package", + DumpDirAgentPolicy: "./testdata/fleet-8-dump/agentpolicy", + }, + } + + for _, s := range suites { + suite.Run(t, s) + } +} + +type agentPoliciesDumpSuite struct { + suite.Suite + + // PackageName is the name of the package to filter agent policies. + AgentPolicy string + + // AgentPolicy is the name of the agent policy to look for. + PackageName string + + // RecordDir is where responses from Kibana are recorded. + RecordDir string + + // DumpDirAll is where the expected dumped files are stored when looking for all agent policies. + DumpDirAll string + + // DumpDirPackage is where the expected dumped files are stored when filtering by package the agent policies. + DumpDirPackage string + + // DumpDirAgentPolicy is where the expected dumped files are stored when looking for a specific agent policy. + DumpDirAgentPolicy string +} + +func (s *agentPoliciesDumpSuite) SetupTest() { + _, err := os.Stat(s.DumpDirAll) + if errors.Is(err, os.ErrNotExist) { + client, err := kibana.NewClient() + s.Require().NoError(err) + + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpAll(context.Background(), s.DumpDirAll) + s.Require().NoError(err) + s.Require().Greater(n, 0) + } else { + s.Require().NoError(err) + } + + _, err = os.Stat(s.DumpDirPackage) + if errors.Is(err, os.ErrNotExist) { + client, err := kibana.NewClient() + s.Require().NoError(err) + + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpByPackage(context.Background(), s.DumpDirPackage, s.PackageName) + s.Require().NoError(err) + s.Require().Greater(n, 0) + } else { + s.Require().NoError(err) + } + + _, err = os.Stat(s.DumpDirAgentPolicy) + if errors.Is(err, os.ErrNotExist) { + client, err := kibana.NewClient() + s.Require().NoError(err) + + dumper := NewAgentPoliciesDumper(client) + err = dumper.DumpByName(context.Background(), s.DumpDirAgentPolicy, s.AgentPolicy) + s.Require().NoError(err) + } else { + s.Require().NoError(err) + } +} + +func (s *agentPoliciesDumpSuite) TestDumpAll() { + client := kibtest.KibanaClient(s.T(), s.RecordDir) + + outputDir := s.T().TempDir() + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpAll(context.Background(), outputDir) + s.Require().NoError(err) + + filesExpected := countFiles(s.T(), s.DumpDirAll) + s.Assert().Equal(filesExpected, n) + + filesFound := countFiles(s.T(), outputDir) + s.Assert().Equal(filesExpected, filesFound) + + assertEqualDumps(s.T(), s.DumpDirAll, outputDir) +} + +func (s *agentPoliciesDumpSuite) TestDumpByPackage() { + client := kibtest.KibanaClient(s.T(), s.RecordDir) + + outputDir := s.T().TempDir() + dumper := NewAgentPoliciesDumper(client) + n, err := dumper.DumpByPackage(context.Background(), outputDir, s.PackageName) + s.Require().NoError(err) + + filesExpected := countFiles(s.T(), s.DumpDirPackage) + s.Assert().Equal(filesExpected, n) + + filesFound := countFiles(s.T(), outputDir) + s.Assert().Equal(filesExpected, filesFound) + + assertEqualDumps(s.T(), s.DumpDirPackage, outputDir) +} + +func (s *agentPoliciesDumpSuite) TestDumpByName() { + client := kibtest.KibanaClient(s.T(), s.RecordDir) + + outputDir := s.T().TempDir() + dumper := NewAgentPoliciesDumper(client) + err := dumper.DumpByName(context.Background(), outputDir, s.AgentPolicy) + s.Require().NoError(err) + + filesExpected := countFiles(s.T(), s.DumpDirAgentPolicy) + s.Assert().Equal(filesExpected, 1) + + filesFound := countFiles(s.T(), outputDir) + s.Assert().Equal(filesExpected, filesFound) + + assertEqualDumps(s.T(), s.DumpDirAgentPolicy, outputDir) +} diff --git a/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json new file mode 100644 index 000000000..e76912f49 --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -0,0 +1,77 @@ +{ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" + } + ] +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json new file mode 100644 index 000000000..006683e24 --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json @@ -0,0 +1,676 @@ +{ + "id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:39.755Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-system-policy", + "version": "WzYxNywxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system-policy", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system-policy", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system-policy", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system-policy" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system-policy", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system-policy", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system-policy", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system-policy", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system-policy", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system-policy", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system-policy", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system-policy", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system-policy" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:38.837Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:38.837Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json new file mode 100644 index 000000000..8a268d4b8 --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -0,0 +1,78 @@ +{ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..9dfdad45e --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" + }, + { + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..3accc582b --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" + }, + { + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..9dfdad45e --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" + }, + { + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json new file mode 100644 index 000000000..3accc582b --- /dev/null +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -0,0 +1,931 @@ +{ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" + }, + { + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json new file mode 100644 index 000000000..629734ee4 --- /dev/null +++ b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies-499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -0,0 +1 @@ +{"item":{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}]}} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json new file mode 100644 index 000000000..61c779910 --- /dev/null +++ b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json @@ -0,0 +1 @@ +{"items":[{"id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:26:16.891Z","updated_by":"elastic","package_policies":[{"id":"0483a039-2f91-4d47-b43c-4623cadd5f27","version":"WzEyNTcsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:25:42.095Z","created_by":"elastic","updated_at":"2022-06-27T19:25:42.095Z","updated_by":"elastic"},{"id":"c864461b-b8d3-48e0-b477-7954434078b5","version":"WzE1MTgsMV0=","name":"nginx-load-balancers-testt","description":"","namespace":"default","policy_id":"edf437d0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:26:16.169Z","created_by":"elastic","updated_at":"2022-06-27T19:26:16.169Z","updated_by":"elastic"}],"agents":0},{"id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","name":"HTTP servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:24:39.501Z","updated_by":"elastic","package_policies":[{"id":"7a0e17cf-e39e-4846-911d-c1e4322ff358","version":"Wzg4OSwxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:24:09.017Z","created_by":"elastic","updated_at":"2022-06-27T19:24:09.017Z","updated_by":"elastic"},{"id":"95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","version":"Wzk5NSwxXQ==","name":"nginx-http-servers-test","description":"","namespace":"default","policy_id":"b57023b0-f64e-11ec-acb0-0b2e9206fdb0","enabled":true,"output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"package":{"name":"nginx","title":"Nginx","version":"1.3.2"},"revision":1,"created_at":"2022-06-27T19:24:38.498Z","created_by":"elastic","updated_at":"2022-06-27T19:24:38.498Z","updated_by":"elastic"}],"agents":0},{"id":"499b5aa7-d214-5b5d-838b-3cd76469844e","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default Fleet Server policy","description":"Default Fleet Server agent policy created by Kibana","is_default":false,"is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:42.793Z","updated_by":"system","package_policies":[{"id":"default-fleet-server-agent-policy","version":"WzYxOSwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"499b5aa7-d214-5b5d-838b-3cd76469844e","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T19:19:41.976Z","created_by":"system","updated_at":"2022-06-27T19:19:41.976Z","updated_by":"system"}],"agents":1},{"id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Default policy","description":"Default agent policy created by Kibana","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T19:19:39.755Z","updated_by":"system","package_policies":[{"id":"default-system-policy","version":"WzYxNywxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.11.0"},"enabled":true,"policy_id":"2016d7cc-135e-5583-9758-3ba01f5a06e5","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system-policy","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system-policy","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system-policy","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system-policy","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system-policy","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system-policy"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system-policy","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system-policy","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system-policy","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system-policy","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system-policy","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system-policy","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system-policy","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system-policy","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system-policy","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system-policy","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system-policy","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system-policy"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system-policy"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T19:19:38.837Z","created_by":"system","updated_at":"2022-06-27T19:19:38.837Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json new file mode 100644 index 000000000..3f56889e7 --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json @@ -0,0 +1,75 @@ +{ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" + } + ] +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..d2d31e1da --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" + }, + { + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..60cbdaa91 --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" + }, + { + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json new file mode 100644 index 000000000..ca549c5ee --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json @@ -0,0 +1,675 @@ +{ + "id": "elastic-agent-managed-ep", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Elastic-Agent (elastic-package)", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:01.360Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-system", + "version": "WzYyMiwxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "elastic-agent-managed-ep", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-default-system", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:00.403Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:00.403Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json new file mode 100644 index 000000000..c9dcf5bcd --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json @@ -0,0 +1,76 @@ +{ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" + } + ], + "agents": 1 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..d2d31e1da --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" + }, + { + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json new file mode 100644 index 000000000..60cbdaa91 --- /dev/null +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -0,0 +1,931 @@ +{ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" + }, + { + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" + } + ], + "agents": 0 +} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json new file mode 100644 index 000000000..65e418446 --- /dev/null +++ b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies-fleet-server-policy.json @@ -0,0 +1 @@ +{"item":{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}]}} \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json new file mode 100644 index 000000000..7247809d6 --- /dev/null +++ b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json @@ -0,0 +1 @@ +{"items":[{"id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:59.587Z","updated_by":"elastic","package_policies":[{"id":"a09f2609-9e8b-4b48-998f-ce99340da027","version":"WzEzMjAsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:33:55.519Z","created_by":"elastic","updated_at":"2022-06-27T15:33:55.519Z","updated_by":"elastic"},{"id":"46331ee9-90a9-4b1f-b568-98641e9bafc9","version":"WzEzMjIsMV0=","name":"nginx-load-balancers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:58.606Z","created_by":"elastic","updated_at":"2022-06-27T15:33:58.606Z","updated_by":"elastic"}],"agents":0},{"id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"HTTP servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:05.252Z","updated_by":"elastic","package_policies":[{"id":"863e86ed-8d12-466c-a6b9-b5c3769f4f80","version":"WzkyMywxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:32:53.484Z","created_by":"elastic","updated_at":"2022-06-27T15:32:53.484Z","updated_by":"elastic"},{"id":"9be915b0-9b9b-45e2-adfc-37f18b64d468","version":"WzEwMjIsMV0=","name":"nginx-http-servers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:04.248Z","created_by":"elastic","updated_at":"2022-06-27T15:33:04.248Z","updated_by":"elastic"}],"agents":0},{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}],"agents":1},{"id":"elastic-agent-managed-ep","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Elastic-Agent (elastic-package)","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:01.360Z","updated_by":"system","package_policies":[{"id":"default-system","version":"WzYyMiwxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"elastic-agent-managed-ep","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:31:00.403Z","created_by":"system","updated_at":"2022-06-27T15:31:00.403Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20} \ No newline at end of file diff --git a/internal/kibana/agents.go b/internal/kibana/agents.go index b60588186..fa90ee226 100644 --- a/internal/kibana/agents.go +++ b/internal/kibana/agents.go @@ -41,7 +41,7 @@ func (a *Agent) String() string { // ListAgents returns the list of agents enrolled with Fleet. func (c *Client) ListAgents() ([]Agent, error) { - statusCode, respBody, err := c.get(fmt.Sprintf("%s/agents", FleetAPI)) + statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agents", FleetAPI)) if err != nil { return nil, errors.Wrap(err, "could not list agents") } @@ -111,7 +111,7 @@ func (c *Client) waitUntilPolicyAssigned(a Agent, p Policy) error { } func (c *Client) getAgent(agentID string) (*Agent, error) { - statusCode, respBody, err := c.get(fmt.Sprintf("%s/agents/%s", FleetAPI, agentID)) + statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agents/%s", FleetAPI, agentID)) if err != nil { return nil, errors.Wrap(err, "could not list agents") } diff --git a/internal/kibana/client.go b/internal/kibana/client.go index 7550dbb06..d8d89fe94 100644 --- a/internal/kibana/client.go +++ b/internal/kibana/client.go @@ -80,7 +80,7 @@ func CertificateAuthority(certificateAuthority string) ClientOption { } } -func (c *Client) get(resourcePath string) (int, []byte, error) { +func (c *Client) Get(resourcePath string) (int, []byte, error) { return c.sendRequest(http.MethodGet, resourcePath, nil) } diff --git a/internal/kibana/dashboards.go b/internal/kibana/dashboards.go index d1e9313ad..b0c00c29e 100644 --- a/internal/kibana/dashboards.go +++ b/internal/kibana/dashboards.go @@ -33,7 +33,7 @@ func (c *Client) Export(dashboardIDs []string) ([]common.MapStr, error) { } path := fmt.Sprintf("%s/dashboards/export%s", CoreAPI, query.String()) - statusCode, respBody, err := c.get(path) + statusCode, respBody, err := c.Get(path) if err != nil { return nil, errors.Wrapf(err, "could not export dashboards; API status code = %d; response body = %s", statusCode, respBody) } diff --git a/internal/kibana/injected_metadata.go b/internal/kibana/injected_metadata.go index 3b3f6e99a..67597fd77 100644 --- a/internal/kibana/injected_metadata.go +++ b/internal/kibana/injected_metadata.go @@ -24,7 +24,7 @@ type injectedMetadata struct { // Version method returns the Kibana version. func (c *Client) Version() (string, error) { - statusCode, respBody, err := c.get("/login") + statusCode, respBody, err := c.Get("/login") if err != nil { return "", errors.Wrap(err, "could not reach login endpoint") } diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index 15d1fe568..7f3b85202 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -52,7 +52,7 @@ func (c *Client) CreatePolicy(p Policy) (*Policy, error) { // GetPolicy fetches the given Policy in Fleet. func (c *Client) GetPolicy(policyID string) (*Policy, error) { - statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) + statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) if err != nil { return nil, errors.Wrap(err, "could not get policy") } @@ -74,7 +74,7 @@ func (c *Client) GetPolicy(policyID string) (*Policy, error) { // GetRawPolicy fetches the given Policy with all the fields in Fleet. func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { - statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) + statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) if err != nil { return nil, errors.Wrap(err, "could not get policy") } @@ -107,7 +107,7 @@ func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { } for finished := false; !finished; finished = itemsRetrieved == resp.Total { - statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true&page=%d", FleetAPI, currentPage)) + statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agent_policies?full=true&page=%d", FleetAPI, currentPage)) if err != nil { return nil, errors.Wrap(err, "could not get policies") } diff --git a/internal/kibana/saved_objects.go b/internal/kibana/saved_objects.go index c1a35ba9b..d448a5a43 100644 --- a/internal/kibana/saved_objects.go +++ b/internal/kibana/saved_objects.go @@ -92,7 +92,7 @@ func (c *Client) FindDashboards() (DashboardSavedObjects, error) { func (c *Client) findDashboardsNextPage(page int) (*savedObjectsResponse, error) { path := fmt.Sprintf("%s/_find?type=dashboard&fields=title&per_page=%d&page=%d", SavedObjectsAPI, findDashboardsPerPage, page) - statusCode, respBody, err := c.get(path) + statusCode, respBody, err := c.Get(path) if err != nil { return nil, errors.Wrapf(err, "could not find dashboards; API status code = %d; response body = %s", statusCode, respBody) } diff --git a/internal/kibana/test/httptest.go b/internal/kibana/test/httptest.go new file mode 100644 index 000000000..112b57d5d --- /dev/null +++ b/internal/kibana/test/httptest.go @@ -0,0 +1,74 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package test + +import ( + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/elastic/elastic-package/internal/kibana" +) + +// KibanaClient returns a client for a testing http server that uses prerecorded +// responses. If responses are not found, it forwards the query to the server started by +// elastic-package stack, and records the response. +// Responses are recorded in the directory indicated by serverDataDir. +func KibanaClient(t *testing.T, serverDataDir string) *kibana.Client { + server := testKibanaServer(t, serverDataDir) + t.Cleanup(func() { server.Close() }) + + client, err := kibana.NewClient( + kibana.Address(server.URL), + ) + require.NoError(t, err) + + return client +} + +func testKibanaServer(t *testing.T, mockServerDir string) *httptest.Server { + return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + t.Log(r.Method, r.URL.String()) + f := filepath.Join(mockServerDir, pathForURL(r.URL.String())) + if _, err := os.Stat(f); err != nil { + recordRequest(t, r, f) + } + http.ServeFile(w, r, f) + })) +} + +var pathReplacer = strings.NewReplacer("/", "-", "*", "_", "&", ".") + +// FIXME duplicated in internal/elasticsearch/test/http_test.go +func pathForURL(url string) string { + clean := strings.Trim(url, "/") + if len(clean) == 0 { + return "root.jsn" + } + return pathReplacer.Replace(clean) + ".json" +} + +func recordRequest(t *testing.T, r *http.Request, path string) { + client, err := kibana.NewClient() + require.NoError(t, err) + + t.Logf("Recording %s in %s", r.URL.RequestURI(), path) + status, respBody, err := client.Get(r.URL.RequestURI()) + require.Equal(t, 200, status) + require.NoError(t, err) + + os.MkdirAll(filepath.Dir(path), 0755) + f, err := os.Create(path) + require.NoError(t, err) + defer f.Close() + + _, err = f.Write(respBody) + require.NoError(t, err) +} From 5aa71f3a7023d60ebffe7f855d3fa5a225fcee2d Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Mon, 27 Jun 2022 21:41:49 +0200 Subject: [PATCH 18/27] Use get public method in client_test --- internal/kibana/client_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/kibana/client_test.go b/internal/kibana/client_test.go index eb0402152..51c749eb0 100644 --- a/internal/kibana/client_test.go +++ b/internal/kibana/client_test.go @@ -30,7 +30,7 @@ func TestClientWithTLS(t *testing.T) { client, err := NewClient(Address(server.URL)) require.NoError(t, err) - _, _, err = client.get("/") + _, _, err = client.Get("/") assert.Error(t, err) }) @@ -38,7 +38,7 @@ func TestClientWithTLS(t *testing.T) { client, err := NewClient(Address(server.URL), CertificateAuthority(caCertFile)) require.NoError(t, err) - _, _, err = client.get("/") + _, _, err = client.Get("/") assert.NoError(t, err) }) @@ -46,7 +46,7 @@ func TestClientWithTLS(t *testing.T) { client, err := NewClient(Address(server.URL), TLSSkipVerify()) require.NoError(t, err) - _, _, err = client.get("/") + _, _, err = client.Get("/") assert.NoError(t, err) }) } From 3fa942bb8e47cd3f3694ca8c04aa52b0e1442381 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Mon, 27 Jun 2022 23:09:28 +0200 Subject: [PATCH 19/27] Set post,put,delete methods public as Get --- internal/kibana/agents.go | 2 +- internal/kibana/client.go | 6 +++--- internal/kibana/packages.go | 4 ++-- internal/kibana/policies.go | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/kibana/agents.go b/internal/kibana/agents.go index fa90ee226..9b8e9bceb 100644 --- a/internal/kibana/agents.go +++ b/internal/kibana/agents.go @@ -66,7 +66,7 @@ func (c *Client) AssignPolicyToAgent(a Agent, p Policy) error { reqBody := `{ "policy_id": "` + p.ID + `" }` path := fmt.Sprintf("%s/agents/%s/reassign", FleetAPI, a.ID) - statusCode, respBody, err := c.put(path, []byte(reqBody)) + statusCode, respBody, err := c.Put(path, []byte(reqBody)) if err != nil { return errors.Wrap(err, "could not assign policy to agent") } diff --git a/internal/kibana/client.go b/internal/kibana/client.go index d8d89fe94..29018b75c 100644 --- a/internal/kibana/client.go +++ b/internal/kibana/client.go @@ -84,15 +84,15 @@ func (c *Client) Get(resourcePath string) (int, []byte, error) { return c.sendRequest(http.MethodGet, resourcePath, nil) } -func (c *Client) post(resourcePath string, body []byte) (int, []byte, error) { +func (c *Client) Post(resourcePath string, body []byte) (int, []byte, error) { return c.sendRequest(http.MethodPost, resourcePath, body) } -func (c *Client) put(resourcePath string, body []byte) (int, []byte, error) { +func (c *Client) Put(resourcePath string, body []byte) (int, []byte, error) { return c.sendRequest(http.MethodPut, resourcePath, body) } -func (c *Client) delete(resourcePath string) (int, []byte, error) { +func (c *Client) Delete(resourcePath string) (int, []byte, error) { return c.sendRequest(http.MethodDelete, resourcePath, nil) } diff --git a/internal/kibana/packages.go b/internal/kibana/packages.go index c0669a5e9..af463bcc9 100644 --- a/internal/kibana/packages.go +++ b/internal/kibana/packages.go @@ -19,7 +19,7 @@ func (c *Client) InstallPackage(pkg packages.PackageManifest) ([]packages.Asset, path := fmt.Sprintf("%s/epm/packages/%s-%s", FleetAPI, pkg.Name, pkg.Version) reqBody := []byte(`{"force":true}`) // allows installing older versions of the package being tested - statusCode, respBody, err := c.post(path, reqBody) + statusCode, respBody, err := c.Post(path, reqBody) if err != nil { return nil, errors.Wrap(err, "could not install package") } @@ -30,7 +30,7 @@ func (c *Client) InstallPackage(pkg packages.PackageManifest) ([]packages.Asset, // RemovePackage removes the given package from Fleet. func (c *Client) RemovePackage(pkg packages.PackageManifest) ([]packages.Asset, error) { path := fmt.Sprintf("%s/epm/packages/%s-%s", FleetAPI, pkg.Name, pkg.Version) - statusCode, respBody, err := c.delete(path) + statusCode, respBody, err := c.Delete(path) if err != nil { return nil, errors.Wrap(err, "could not delete package") } diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index 7f3b85202..ff3b840a9 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -30,7 +30,7 @@ func (c *Client) CreatePolicy(p Policy) (*Policy, error) { return nil, errors.Wrap(err, "could not convert policy (request) to JSON") } - statusCode, respBody, err := c.post(fmt.Sprintf("%s/agent_policies", FleetAPI), reqBody) + statusCode, respBody, err := c.Post(fmt.Sprintf("%s/agent_policies", FleetAPI), reqBody) if err != nil { return nil, errors.Wrap(err, "could not create policy") } @@ -132,7 +132,7 @@ func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { func (c *Client) DeletePolicy(p Policy) error { reqBody := `{ "agentPolicyId": "` + p.ID + `" }` - statusCode, respBody, err := c.post(fmt.Sprintf("%s/agent_policies/delete", FleetAPI), []byte(reqBody)) + statusCode, respBody, err := c.Post(fmt.Sprintf("%s/agent_policies/delete", FleetAPI), []byte(reqBody)) if err != nil { return errors.Wrap(err, "could not delete policy") } @@ -202,7 +202,7 @@ func (c *Client) AddPackageDataStreamToPolicy(r PackageDataStream) error { return errors.Wrap(err, "could not convert policy-package (request) to JSON") } - statusCode, respBody, err := c.post(fmt.Sprintf("%s/package_policies", FleetAPI), reqBody) + statusCode, respBody, err := c.Post(fmt.Sprintf("%s/package_policies", FleetAPI), reqBody) if err != nil { return errors.Wrap(err, "could not add package to policy") } From 2184cecd2a76fc5f43971010e7bfc48ba4826ff3 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Mon, 27 Jun 2022 23:30:59 +0200 Subject: [PATCH 20/27] Rename method to list all agent policies --- internal/dump/agentpolicies.go | 2 +- internal/kibana/policies.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/dump/agentpolicies.go b/internal/dump/agentpolicies.go index 71cf889db..579360bfd 100644 --- a/internal/dump/agentpolicies.go +++ b/internal/dump/agentpolicies.go @@ -86,7 +86,7 @@ func getPackagesUsingAgentPolicy(packagePolicies []packagePolicy) []string { } func (d *AgentPoliciesDumper) getAgentPoliciesFilteredByPackage(ctx context.Context, packageName string) ([]AgentPolicy, error) { - rawPolicies, err := d.client.ListRawPolicy() + rawPolicies, err := d.client.ListRawPolicies() if err != nil { return nil, err diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index ff3b840a9..366e957a7 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -94,8 +94,8 @@ func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { return resp.Item, nil } -// ListRawPolicy fetches all the Policies in Fleet. -func (c *Client) ListRawPolicy() ([]json.RawMessage, error) { +// ListRawPolicies fetches all the Policies in Fleet. +func (c *Client) ListRawPolicies() ([]json.RawMessage, error) { itemsRetrieved := 0 currentPage := 1 var items []json.RawMessage From 58487b53878d43493e690296f427b820ad4a2dc4 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 28 Jun 2022 09:21:17 +0200 Subject: [PATCH 21/27] Move functions to dump a generic json resource to its own file --- internal/dump/installedobjects.go | 34 ------------------------ internal/dump/json.go | 44 +++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 34 deletions(-) create mode 100644 internal/dump/json.go diff --git a/internal/dump/installedobjects.go b/internal/dump/installedobjects.go index f2de84001..5bbcf9f78 100644 --- a/internal/dump/installedobjects.go +++ b/internal/dump/installedobjects.go @@ -5,12 +5,8 @@ package dump import ( - "bytes" "context" - "encoding/json" "fmt" - "io/ioutil" - "os" "path/filepath" "github.com/elastic/elastic-package/internal/common" @@ -72,36 +68,6 @@ func (e *InstalledObjectsDumper) DumpAll(ctx context.Context, dir string) (count return count, nil } -type DumpableInstalledObject interface { - Name() string - JSON() []byte -} - -func dumpJSONResource(dir string, object DumpableInstalledObject) error { - if err := os.MkdirAll(dir, 0755); err != nil { - return fmt.Errorf("failed to create dump directory: %w", err) - } - formatted, err := formatJSON(object.JSON()) - if err != nil { - return fmt.Errorf("failed to format JSON object: %w", err) - } - path := filepath.Join(dir, object.Name()+".json") - err = ioutil.WriteFile(path, formatted, 0644) - if err != nil { - return fmt.Errorf("failed to dump object to file: %w", err) - } - return nil -} - -func formatJSON(in []byte) ([]byte, error) { - var buf bytes.Buffer - err := json.Indent(&buf, in, "", " ") - if err != nil { - return nil, err - } - return buf.Bytes(), nil -} - func (e *InstalledObjectsDumper) dumpIndexTemplates(ctx context.Context, dir string) (count int, err error) { indexTemplates, err := e.getIndexTemplates(ctx) if err != nil { diff --git a/internal/dump/json.go b/internal/dump/json.go new file mode 100644 index 000000000..c655a2b19 --- /dev/null +++ b/internal/dump/json.go @@ -0,0 +1,44 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package dump + +import ( + "bytes" + "encoding/json" + "fmt" + "io/ioutil" + "os" + "path/filepath" +) + +type DumpableJSONResource interface { + Name() string + JSON() []byte +} + +func dumpJSONResource(dir string, object DumpableJSONResource) error { + if err := os.MkdirAll(dir, 0755); err != nil { + return fmt.Errorf("failed to create dump directory: %w", err) + } + formatted, err := formatJSON(object.JSON()) + if err != nil { + return fmt.Errorf("failed to format JSON object: %w", err) + } + path := filepath.Join(dir, object.Name()+".json") + err = ioutil.WriteFile(path, formatted, 0644) + if err != nil { + return fmt.Errorf("failed to dump object to file: %w", err) + } + return nil +} + +func formatJSON(in []byte) ([]byte, error) { + var buf bytes.Buffer + err := json.Indent(&buf, in, "", " ") + if err != nil { + return nil, err + } + return buf.Bytes(), nil +} From 33341353b500935a2974bb0b232d1740b80e492d Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 28 Jun 2022 11:36:25 +0200 Subject: [PATCH 22/27] Replace question mark char in files too --- ...ge=1.json => api-fleet-agent_policies.full=true.page=1.json} | 0 ...ge=1.json => api-fleet-agent_policies.full=true.page=1.json} | 0 internal/kibana/test/httptest.go | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename internal/dump/testdata/fleet-7-mock-dump-all/{api-fleet-agent_policies?full=true.page=1.json => api-fleet-agent_policies.full=true.page=1.json} (100%) rename internal/dump/testdata/fleet-8-mock-dump-all/{api-fleet-agent_policies?full=true.page=1.json => api-fleet-agent_policies.full=true.page=1.json} (100%) diff --git a/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json b/internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json similarity index 100% rename from internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json rename to internal/dump/testdata/fleet-7-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json diff --git a/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json b/internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json similarity index 100% rename from internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies?full=true.page=1.json rename to internal/dump/testdata/fleet-8-mock-dump-all/api-fleet-agent_policies.full=true.page=1.json diff --git a/internal/kibana/test/httptest.go b/internal/kibana/test/httptest.go index 112b57d5d..435d7d500 100644 --- a/internal/kibana/test/httptest.go +++ b/internal/kibana/test/httptest.go @@ -44,7 +44,7 @@ func testKibanaServer(t *testing.T, mockServerDir string) *httptest.Server { })) } -var pathReplacer = strings.NewReplacer("/", "-", "*", "_", "&", ".") +var pathReplacer = strings.NewReplacer("/", "-", "*", "_", "?", ".", "&", ".") // FIXME duplicated in internal/elasticsearch/test/http_test.go func pathForURL(url string) string { From d872ec2cf00585c26d5cc1ecae90bf049997a657 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 28 Jun 2022 11:38:26 +0200 Subject: [PATCH 23/27] Fix default path url name --- internal/kibana/test/httptest.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/kibana/test/httptest.go b/internal/kibana/test/httptest.go index 435d7d500..56f962e78 100644 --- a/internal/kibana/test/httptest.go +++ b/internal/kibana/test/httptest.go @@ -50,7 +50,7 @@ var pathReplacer = strings.NewReplacer("/", "-", "*", "_", "?", ".", "&", ".") func pathForURL(url string) string { clean := strings.Trim(url, "/") if len(clean) == 0 { - return "root.jsn" + return "root.json" } return pathReplacer.Replace(clean) + ".json" } From ac2b8cafb75c39e9e4a0959b28d321b4232a243e Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 28 Jun 2022 12:33:34 +0200 Subject: [PATCH 24/27] Use formatter package to dump JSONs - rewritten all dumped files --- internal/dump/json.go | 15 +- .../.fleet_component_template-1.json | 52 +- .../logs-apache.access@custom.json | 20 +- .../logs-apache.access@settings.json | 184 +- .../logs-apache.error@custom.json | 20 +- .../logs-apache.error@settings.json | 162 +- .../metrics-apache.status@custom.json | 20 +- .../metrics-apache.status@settings.json | 106 +- .../ilm_policies/logs.json | 100 +- .../ilm_policies/metrics.json | 156 +- .../index_templates/logs-apache.access.json | 1044 +++++----- .../index_templates/logs-apache.error.json | 958 ++++----- .../metrics-apache.status.json | 980 ++++----- .../.fleet_final_pipeline-1.json | 168 +- .../logs-apache.access-1.3.4-third-party.json | 130 +- .../logs-apache.access-1.3.4.json | 400 ++-- .../logs-apache.error-1.3.4-third-party.json | 130 +- .../logs-apache.error-1.3.4.json | 376 ++-- .../.fleet_component_template-1.json | 54 +- .../logs-apache.access@custom.json | 24 +- .../logs-apache.access@settings.json | 188 +- .../logs-apache.error@custom.json | 24 +- .../logs-apache.error@settings.json | 166 +- .../metrics-apache.status@custom.json | 24 +- .../metrics-apache.status@settings.json | 110 +- .../ilm_policies/logs.json | 80 +- .../ilm_policies/metrics.json | 92 +- .../index_templates/logs-apache.access.json | 1064 +++++----- .../index_templates/logs-apache.error.json | 978 ++++----- .../metrics-apache.status.json | 982 ++++----- .../.fleet_final_pipeline-1.json | 174 +- .../logs-apache.access-1.3.6-third-party.json | 142 +- .../logs-apache.access-1.3.6.json | 412 ++-- .../logs-apache.error-1.3.6-third-party.json | 142 +- .../logs-apache.error-1.3.6.json | 388 ++-- .../499b5aa7-d214-5b5d-838b-3cd76469844e.json | 144 +- .../2016d7cc-135e-5583-9758-3ba01f5a06e5.json | 1334 ++++++------ .../499b5aa7-d214-5b5d-838b-3cd76469844e.json | 146 +- .../b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../agent_policies/fleet-server-policy.json | 140 +- .../67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- .../8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- .../elastic-agent-managed-ep.json | 1332 ++++++------ .../agent_policies/fleet-server-policy.json | 142 +- .../67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- .../8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- 49 files changed, 13983 insertions(+), 13992 deletions(-) diff --git a/internal/dump/json.go b/internal/dump/json.go index c655a2b19..7c6fcb83c 100644 --- a/internal/dump/json.go +++ b/internal/dump/json.go @@ -5,12 +5,12 @@ package dump import ( - "bytes" - "encoding/json" "fmt" "io/ioutil" "os" "path/filepath" + + "github.com/elastic/elastic-package/internal/formatter" ) type DumpableJSONResource interface { @@ -22,7 +22,7 @@ func dumpJSONResource(dir string, object DumpableJSONResource) error { if err := os.MkdirAll(dir, 0755); err != nil { return fmt.Errorf("failed to create dump directory: %w", err) } - formatted, err := formatJSON(object.JSON()) + formatted, _, err := formatter.JSONFormatter(object.JSON()) if err != nil { return fmt.Errorf("failed to format JSON object: %w", err) } @@ -33,12 +33,3 @@ func dumpJSONResource(dir string, object DumpableJSONResource) error { } return nil } - -func formatJSON(in []byte) ([]byte, error) { - var buf bytes.Buffer - err := json.Indent(&buf, in, "", " ") - if err != nil { - return nil, err - } - return buf.Bytes(), nil -} diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json index e5371a1d2..ca0b9621e 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json @@ -1,29 +1,29 @@ { - "name": ".fleet_component_template-1", - "component_template": { - "template": { - "settings": { - "index": { - "final_pipeline": ".fleet_final_pipeline-1" - } - }, - "mappings": { - "properties": { - "event": { - "properties": { - "agent_id_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", - "type": "date" - } + "name": ".fleet_component_template-1", + "component_template": { + "template": { + "settings": { + "index": { + "final_pipeline": ".fleet_final_pipeline-1" + } + }, + "mappings": { + "properties": { + "event": { + "properties": { + "agent_id_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", + "type": "date" + } + } + } + } } - } - } - } - }, - "_meta": {} - } + }, + "_meta": {} + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json index e61071082..5d6265cfd 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json @@ -1,13 +1,13 @@ { - "name": "logs-apache.access@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - } + "name": "logs-apache.access@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + } + } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json index 37ee561bd..63e917301 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json @@ -1,97 +1,97 @@ { - "name": "logs-apache.access@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" + "name": "logs-apache.access@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "destination.domain", + "ecs.version", + "event.category", + "event.kind", + "event.outcome", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "tls.cipher", + "tls.version", + "tls.version_protocol", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.name", + "user_agent.original", + "user_agent.original", + "user_agent.os.full", + "user_agent.os.name", + "user_agent.os.name", + "user_agent.os.version", + "user_agent.version", + "apache.access.ssl.protocol", + "apache.access.ssl.cipher" + ] + } + } + } + }, + "_meta": { + "package": { + "name": "apache" } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "destination.domain", - "ecs.version", - "event.category", - "event.kind", - "event.outcome", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.domain", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "tls.cipher", - "tls.version", - "tls.version_protocol", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.name", - "user_agent.original", - "user_agent.original", - "user_agent.os.full", - "user_agent.os.name", - "user_agent.os.name", - "user_agent.os.version", - "user_agent.version", - "apache.access.ssl.protocol", - "apache.access.ssl.cipher" - ] - } } - } - }, - "_meta": { - "package": { - "name": "apache" - } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json index 41cfc9eac..341be8997 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json @@ -1,13 +1,13 @@ { - "name": "logs-apache.error@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - } + "name": "logs-apache.error@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + } + } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json index 65cbdba8b..08e8e9a83 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json @@ -1,86 +1,86 @@ { - "name": "logs-apache.error@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" + "name": "logs-apache.error@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "tags", + "ecs.version", + "event.category", + "event.kind", + "event.timezone", + "event.type", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.name", + "apache.error.module" + ] + } + } + } + }, + "_meta": { + "package": { + "name": "apache" } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "tags", - "ecs.version", - "event.category", - "event.kind", - "event.timezone", - "event.type", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.original", - "user_agent.os.name", - "apache.error.module" - ] - } } - } - }, - "_meta": { - "package": { - "name": "apache" - } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json index fbcf3cfe3..80e702519 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json @@ -1,13 +1,13 @@ { - "name": "metrics-apache.status@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - } + "name": "metrics-apache.status@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + } + } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json index cbc410751..17c627e9a 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json @@ -1,58 +1,58 @@ { - "name": "metrics-apache.status@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "metrics" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" + "name": "metrics-apache.status@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "metrics" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "ecs.version", + "service.address", + "service.type" + ] + } + } + } + }, + "_meta": { + "package": { + "name": "apache" } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "ecs.version", - "service.address", - "service.type" - ] - } } - } - }, - "_meta": { - "package": { - "name": "apache" - } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json index 65680aca2..539190ee4 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json @@ -1,55 +1,55 @@ { - "version": 1, - "modified_date": "2022-01-25T18:01:46.058Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } + "version": 1, + "modified_date": "2022-01-25T18:01:46.058Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } + } + } + }, + "_meta": { + "managed": true, + "description": "default policy for the logs index template installed by x-pack" } - } }, - "_meta": { - "managed": true, - "description": "default policy for the logs index template installed by x-pack" + "in_use_by": { + "indices": [ + ".ds-logs-elastic_agent-default-2022.01.25-000001", + ".ds-logs-elastic_agent.metricbeat-default-2022.01.25-000001", + ".ds-logs-elastic_agent.filebeat-default-2022.01.25-000001", + ".ds-logs-elastic_agent.fleet_server-default-2022.01.25-000001" + ], + "data_streams": [ + "logs-elastic_agent-default", + "logs-elastic_agent.metricbeat-default", + "logs-elastic_agent.filebeat-default", + "logs-elastic_agent.fleet_server-default" + ], + "composable_templates": [ + "logs-apache.access", + "logs-elastic_agent.apm_server", + "logs-system.security", + "logs-system.auth", + "logs-elastic_agent.metricbeat", + "logs-elastic_agent.filebeat", + "logs-elastic_agent.packetbeat", + "logs-elastic_agent.endpoint_security", + "logs-elastic_agent.fleet_server", + "logs-apache.error", + "logs-system.system", + "logs-system.application", + "logs-elastic_agent.osquerybeat", + "logs-elastic_agent.heartbeat", + "logs-system.syslog", + "logs-elastic_agent.auditbeat", + "logs", + "logs-elastic_agent" + ] } - }, - "in_use_by": { - "indices": [ - ".ds-logs-elastic_agent-default-2022.01.25-000001", - ".ds-logs-elastic_agent.metricbeat-default-2022.01.25-000001", - ".ds-logs-elastic_agent.filebeat-default-2022.01.25-000001", - ".ds-logs-elastic_agent.fleet_server-default-2022.01.25-000001" - ], - "data_streams": [ - "logs-elastic_agent-default", - "logs-elastic_agent.metricbeat-default", - "logs-elastic_agent.filebeat-default", - "logs-elastic_agent.fleet_server-default" - ], - "composable_templates": [ - "logs-apache.access", - "logs-elastic_agent.apm_server", - "logs-system.security", - "logs-system.auth", - "logs-elastic_agent.metricbeat", - "logs-elastic_agent.filebeat", - "logs-elastic_agent.packetbeat", - "logs-elastic_agent.endpoint_security", - "logs-elastic_agent.fleet_server", - "logs-apache.error", - "logs-system.system", - "logs-system.application", - "logs-elastic_agent.osquerybeat", - "logs-elastic_agent.heartbeat", - "logs-system.syslog", - "logs-elastic_agent.auditbeat", - "logs", - "logs-elastic_agent" - ] - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json index ef39cae8a..ea1fc7545 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json @@ -1,83 +1,83 @@ { - "version": 1, - "modified_date": "2022-01-25T18:01:48.410Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } + "version": 1, + "modified_date": "2022-01-25T18:01:48.410Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } + } + } + }, + "_meta": { + "managed": true, + "description": "default policy for the metrics index template installed by x-pack" } - } }, - "_meta": { - "managed": true, - "description": "default policy for the metrics index template installed by x-pack" + "in_use_by": { + "indices": [ + ".ds-metrics-system.socket_summary-default-2022.01.25-000001", + ".ds-metrics-system.cpu-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.metricbeat-default-2022.01.25-000001", + ".ds-metrics-system.uptime-default-2022.01.25-000001", + ".ds-metrics-system.process-default-2022.01.25-000001", + ".ds-metrics-system.memory-default-2022.01.25-000001", + ".ds-metrics-system.diskio-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.fleet_server-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.filebeat-default-2022.01.25-000001", + ".ds-metrics-system.load-default-2022.01.25-000001", + ".ds-metrics-system.process.summary-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.elastic_agent-default-2022.01.25-000001", + ".ds-metrics-system.filesystem-default-2022.01.25-000001", + ".ds-metrics-system.network-default-2022.01.25-000001", + ".ds-metrics-system.fsstat-default-2022.01.25-000001" + ], + "data_streams": [ + "metrics-system.filesystem-default", + "metrics-system.cpu-default", + "metrics-system.process.summary-default", + "metrics-system.memory-default", + "metrics-elastic_agent.fleet_server-default", + "metrics-system.uptime-default", + "metrics-elastic_agent.elastic_agent-default", + "metrics-elastic_agent.metricbeat-default", + "metrics-system.fsstat-default", + "metrics-system.process-default", + "metrics-elastic_agent.filebeat-default", + "metrics-system.network-default", + "metrics-system.diskio-default", + "metrics-system.load-default", + "metrics-system.socket_summary-default" + ], + "composable_templates": [ + "metrics-system.process", + "metrics-elastic_agent.packetbeat", + "metrics-system.fsstat", + "metrics-elastic_agent.osquerybeat", + "metrics-elastic_agent.endpoint_security", + "metrics-elastic_agent.apm_server", + "metrics-system.memory", + "metrics-system.socket_summary", + "metrics-apache.status", + "metrics-elastic_agent.elastic_agent", + "metrics-elastic_agent.fleet_server", + "metrics-system.load", + "metrics-system.core", + "metrics-elastic_agent.filebeat", + "metrics-system.uptime", + "metrics-system.process.summary", + "metrics-system.cpu", + "metrics-elastic_agent.heartbeat", + "metrics-system.diskio", + "metrics-elastic_agent.metricbeat", + "metrics-elastic_agent.auditbeat", + "metrics-system.network", + "metrics-system.filesystem", + "metrics" + ] } - }, - "in_use_by": { - "indices": [ - ".ds-metrics-system.socket_summary-default-2022.01.25-000001", - ".ds-metrics-system.cpu-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.metricbeat-default-2022.01.25-000001", - ".ds-metrics-system.uptime-default-2022.01.25-000001", - ".ds-metrics-system.process-default-2022.01.25-000001", - ".ds-metrics-system.memory-default-2022.01.25-000001", - ".ds-metrics-system.diskio-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.fleet_server-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.filebeat-default-2022.01.25-000001", - ".ds-metrics-system.load-default-2022.01.25-000001", - ".ds-metrics-system.process.summary-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.elastic_agent-default-2022.01.25-000001", - ".ds-metrics-system.filesystem-default-2022.01.25-000001", - ".ds-metrics-system.network-default-2022.01.25-000001", - ".ds-metrics-system.fsstat-default-2022.01.25-000001" - ], - "data_streams": [ - "metrics-system.filesystem-default", - "metrics-system.cpu-default", - "metrics-system.process.summary-default", - "metrics-system.memory-default", - "metrics-elastic_agent.fleet_server-default", - "metrics-system.uptime-default", - "metrics-elastic_agent.elastic_agent-default", - "metrics-elastic_agent.metricbeat-default", - "metrics-system.fsstat-default", - "metrics-system.process-default", - "metrics-elastic_agent.filebeat-default", - "metrics-system.network-default", - "metrics-system.diskio-default", - "metrics-system.load-default", - "metrics-system.socket_summary-default" - ], - "composable_templates": [ - "metrics-system.process", - "metrics-elastic_agent.packetbeat", - "metrics-system.fsstat", - "metrics-elastic_agent.osquerybeat", - "metrics-elastic_agent.endpoint_security", - "metrics-elastic_agent.apm_server", - "metrics-system.memory", - "metrics-system.socket_summary", - "metrics-apache.status", - "metrics-elastic_agent.elastic_agent", - "metrics-elastic_agent.fleet_server", - "metrics-system.load", - "metrics-system.core", - "metrics-elastic_agent.filebeat", - "metrics-system.uptime", - "metrics-system.process.summary", - "metrics-system.cpu", - "metrics-elastic_agent.heartbeat", - "metrics-system.diskio", - "metrics-elastic_agent.metricbeat", - "metrics-elastic_agent.auditbeat", - "metrics-system.network", - "metrics-system.filesystem", - "metrics" - ] - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json index 476280409..29ac4b907 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json @@ -1,535 +1,535 @@ { - "name": "logs-apache.access", - "index_template": { - "index_patterns": [ - "logs-apache.access-*" - ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.access-1.3.4" - } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } + "name": "logs-apache.access", + "index_template": { + "index_patterns": [ + "logs-apache.access-*" ], - "date_detection": false, - "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.access-1.3.4" } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "type": "wildcard" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { + ], + "date_detection": false, "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "apache": { - "properties": { - "access": { - "properties": { - "ssl": { - "properties": { - "cipher": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "type": "wildcard" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { "ignore_above": 1024, "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "apache": { + "properties": { + "access": { + "properties": { + "ssl": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "created": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.access" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } } - } } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } } - }, - "event": { - "properties": { - "created": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.access" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } + }, + "composed_of": [ + "logs-apache.access@settings", + "logs-apache.access@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "data_stream": { + "hidden": false } - } - }, - "composed_of": [ - "logs-apache.access@settings", - "logs-apache.access@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "data_stream": { - "hidden": false } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json index 779b5d8ee..5c1e14319 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json @@ -1,491 +1,491 @@ { - "name": "logs-apache.error", - "index_template": { - "index_patterns": [ - "logs-apache.error-*" - ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.error-1.3.4" - } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } + "name": "logs-apache.error", + "index_template": { + "index_patterns": [ + "logs-apache.error-*" ], - "date_detection": false, - "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.error-1.3.4" } - }, - "as": { + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "date_detection": false, "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "type": "wildcard" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { "ignore_above": 1024, "type": "keyword" - } - } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "type": "wildcard" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "apache": { - "properties": { - "error": { - "properties": { - "module": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "apache": { + "properties": { + "error": { + "properties": { + "module": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.error" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.error" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } } - } } - } + }, + "composed_of": [ + "logs-apache.error@settings", + "logs-apache.error@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "data_stream": { + "hidden": false } - } - }, - "composed_of": [ - "logs-apache.error@settings", - "logs-apache.error@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "data_stream": { - "hidden": false } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json index 6ee90f181..6aefaa654 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json @@ -1,509 +1,509 @@ { - "name": "metrics-apache.status", - "index_template": { - "index_patterns": [ - "metrics-apache.status-*" - ], - "template": { - "settings": {}, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } + "name": "metrics-apache.status", + "index_template": { + "index_patterns": [ + "metrics-apache.status-*" ], - "date_detection": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "apache": { - "properties": { - "status": { - "properties": { - "bytes_per_request": { - "meta": { - "metric_type": "gauge" + "template": { + "settings": {}, + "mappings": { + "_meta": { + "package": { + "name": "apache" }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "properties": { - "1": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "15": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "5": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } + "managed_by": "ingest-manager", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } } - }, - "bytes_per_sec": { - "meta": { - "metric_type": "gauge" + ], + "date_detection": false, + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "total_bytes": { - "meta": { - "unit": "byte", - "metric_type": "counter" + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } }, - "type": "long" - }, - "cpu": { - "properties": { - "system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "total_accesses": { - "meta": { - "metric_type": "counter" + "@timestamp": { + "type": "date" }, - "type": "long" - }, - "scoreboard": { - "properties": { - "total": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keepalive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "idle_cleanup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "waiting_for_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "logging": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "gracefully_finishing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "open_slot": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "dns_lookup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "sending_reply": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "closing_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "starting_up": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "reading_request": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "workers": { - "properties": { - "idle": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "busy": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "connections": { - "properties": { - "async": { + "apache": { "properties": { - "closing": { - "meta": { - "metric_type": "gauge" + "status": { + "properties": { + "bytes_per_request": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "properties": { + "1": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "15": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "5": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "bytes_per_sec": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total_bytes": { + "meta": { + "unit": "byte", + "metric_type": "counter" + }, + "type": "long" + }, + "cpu": { + "properties": { + "system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "total_accesses": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "scoreboard": { + "properties": { + "total": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keepalive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "idle_cleanup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "waiting_for_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "logging": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "gracefully_finishing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "open_slot": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "dns_lookup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "sending_reply": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "closing_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "starting_up": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "reading_request": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "workers": { + "properties": { + "idle": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "busy": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "connections": { + "properties": { + "async": { + "properties": { + "closing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "writing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keep_alive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "total": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + }, + "requests_per_sec": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "uptime": { + "properties": { + "server_uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" }, - "type": "long" - }, - "writing": { - "meta": { - "metric_type": "gauge" + "type": { + "type": "constant_keyword" }, - "type": "long" - }, - "keep_alive": { - "meta": { - "metric_type": "gauge" + "dataset": { + "type": "constant_keyword" + } + } + }, + "service": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" }, - "type": "long" - } + "type": { + "ignore_above": 1024, + "type": "keyword" + } } - }, - "total": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - }, - "requests_per_sec": { - "meta": { - "metric_type": "gauge" }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "uptime": { - "properties": { - "server_uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "service": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.status" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.status" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } } - } + }, + "composed_of": [ + "metrics-apache.status@settings", + "metrics-apache.status@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "data_stream": { + "hidden": false } - } - }, - "composed_of": [ - "metrics-apache.status@settings", - "metrics-apache.status@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "data_stream": { - "hidden": false } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json index 4fe60d4b4..73d074234 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json @@ -1,88 +1,88 @@ { - "version": 1, - "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", - "processors": [ - { - "set": { - "description": "Add time when event was ingested.", - "field": "event.ingested", - "copy_from": "_ingest.timestamp" - } - }, - { - "script": { - "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", - "tag": "truncate-subseconds-event-ingested", - "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", - "ignore_failure": true - } - }, - { - "remove": { - "description": "Remove any pre-existing untrusted values.", - "field": [ - "event.agent_id_status", - "_security" - ], - "ignore_missing": true - } - }, - { - "set_security_user": { - "field": "_security", - "properties": [ - "authentication_type", - "username", - "realm", - "api_key" - ] - } - }, - { - "script": { - "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", - "tag": "agent-id-status", - "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", - "params": { - "trusted_users": [ - { - "username": "elastic/fleet-server", - "realm": "_service_account" - }, - { - "username": "cloud-internal-agent-server", - "realm": "found" - }, - { - "username": "elastic", - "realm": "reserved" + "version": 1, + "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", + "processors": [ + { + "set": { + "description": "Add time when event was ingested.", + "field": "event.ingested", + "copy_from": "_ingest.timestamp" + } + }, + { + "script": { + "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", + "tag": "truncate-subseconds-event-ingested", + "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", + "ignore_failure": true + } + }, + { + "remove": { + "description": "Remove any pre-existing untrusted values.", + "field": [ + "event.agent_id_status", + "_security" + ], + "ignore_missing": true + } + }, + { + "set_security_user": { + "field": "_security", + "properties": [ + "authentication_type", + "username", + "realm", + "api_key" + ] + } + }, + { + "script": { + "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", + "tag": "agent-id-status", + "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", + "params": { + "trusted_users": [ + { + "username": "elastic/fleet-server", + "realm": "_service_account" + }, + { + "username": "cloud-internal-agent-server", + "realm": "found" + }, + { + "username": "elastic", + "realm": "reserved" + } + ] + } + } + }, + { + "remove": { + "field": "_security", + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "remove": { + "field": "_security", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "append": { + "field": "error.message", + "value": [ + "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" + ] } - ] } - } - }, - { - "remove": { - "field": "_security", - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "remove": { - "field": "_security", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "append": { - "field": "error.message", - "value": [ - "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" - ] - } - } - ] + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json index 4f71b9360..09cc15794 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json @@ -1,67 +1,67 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json index e2e3a3816..ca802e200 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json @@ -1,202 +1,202 @@ { - "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.access-1.3.4-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", - "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" - ], - "ignore_missing": true - } - }, - { - "uri_parts": { - "field": "_tmp.url_orig", - "ignore_failure": true - } - }, - { - "remove": { - "field": [ - "_tmp" - ], - "ignore_missing": true - } - }, - { - "set": { - "field": "url.domain", - "value": "{{destination.domain}}", - "if": "ctx.url?.domain == null && ctx.destination?.domain != null" - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "set": { - "field": "event.outcome", - "value": "success", - "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" - } - }, - { - "set": { - "field": "event.outcome", - "value": "failure", - "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "remove": { - "field": "event.created", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "rename": { - "field": "@timestamp", - "target_field": "event.created" - } - }, - { - "date": { - "field": "apache.access.time", - "target_field": "@timestamp", - "formats": [ - "dd/MMM/yyyy:H:m:s Z" - ], - "ignore_failure": true - } - }, - { - "remove": { - "field": "apache.access.time", - "ignore_failure": true - } - }, - { - "user_agent": { - "field": "user_agent.original", - "ignore_failure": true - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "set": { - "field": "tls.cipher", - "value": "{{apache.access.ssl.cipher}}", - "if": "ctx?.apache?.access?.ssl?.cipher != null" - } - }, - { - "script": { - "lang": "painless", - "if": "ctx?.apache?.access?.ssl?.protocol != null", - "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.access-1.3.4-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", + "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" + ], + "ignore_missing": true + } + }, + { + "uri_parts": { + "field": "_tmp.url_orig", + "ignore_failure": true + } + }, + { + "remove": { + "field": [ + "_tmp" + ], + "ignore_missing": true + } + }, + { + "set": { + "field": "url.domain", + "value": "{{destination.domain}}", + "if": "ctx.url?.domain == null \u0026\u0026 ctx.destination?.domain != null" + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "set": { + "field": "event.outcome", + "value": "success", + "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003c 400" + } + }, + { + "set": { + "field": "event.outcome", + "value": "failure", + "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003e 399" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "remove": { + "field": "event.created", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "rename": { + "field": "@timestamp", + "target_field": "event.created" + } + }, + { + "date": { + "field": "apache.access.time", + "target_field": "@timestamp", + "formats": [ + "dd/MMM/yyyy:H:m:s Z" + ], + "ignore_failure": true + } + }, + { + "remove": { + "field": "apache.access.time", + "ignore_failure": true + } + }, + { + "user_agent": { + "field": "user_agent.original", + "ignore_failure": true + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "set": { + "field": "tls.cipher", + "value": "{{apache.access.ssl.cipher}}", + "if": "ctx?.apache?.access?.ssl?.cipher != null" + } + }, + { + "script": { + "lang": "painless", + "if": "ctx?.apache?.access?.ssl?.protocol != null", + "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json index 4f71b9360..09cc15794 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json @@ -1,67 +1,67 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json index abda1839b..300572b3a 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json @@ -1,190 +1,190 @@ { - "description": "Pipeline for parsing apache error logs", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.error-1.3.4-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" - ], - "pattern_definitions": { - "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", - "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" - }, - "ignore_missing": true - } - }, - { - "grok": { - "field": "message", - "patterns": [ - "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", - "File does not exist: %{URIPATH:file.path}" - ], - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "date": { - "if": "ctx.event.timezone == null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "date": { - "if": "ctx.event.timezone != null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "timezone": "{{ event.timezone }}", - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "remove": { - "field": "apache.error.timestamp", - "ignore_failure": true - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "script": { - "if": "ctx?.log?.level != null", - "lang": "painless", - "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "convert": { - "field": "source.port", - "type": "long", - "ignore_missing": true - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing apache error logs", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.error-1.3.4-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" + ], + "pattern_definitions": { + "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", + "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" + }, + "ignore_missing": true + } + }, + { + "grok": { + "field": "message", + "patterns": [ + "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", + "File does not exist: %{URIPATH:file.path}" + ], + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "date": { + "if": "ctx.event.timezone == null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "date": { + "if": "ctx.event.timezone != null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "timezone": "{{ event.timezone }}", + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "remove": { + "field": "apache.error.timestamp", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "script": { + "if": "ctx?.log?.level != null", + "lang": "painless", + "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "convert": { + "field": "source.port", + "type": "long", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json index d6283b3f2..1ef11224d 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json @@ -1,32 +1,32 @@ { - "name": ".fleet_component_template-1", - "component_template": { - "template": { - "settings": { - "index": { - "final_pipeline": ".fleet_final_pipeline-1" - } - }, - "mappings": { - "properties": { - "event": { - "properties": { - "agent_id_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", - "type": "date" - } + "name": ".fleet_component_template-1", + "component_template": { + "template": { + "settings": { + "index": { + "final_pipeline": ".fleet_final_pipeline-1" + } + }, + "mappings": { + "properties": { + "event": { + "properties": { + "agent_id_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", + "type": "date" + } + } + } + } } - } + }, + "_meta": { + "managed_by": "fleet", + "managed": true } - } - }, - "_meta": { - "managed_by": "fleet", - "managed": true } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json index cc43b5320..6059896fe 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json @@ -1,15 +1,15 @@ { - "name": "logs-apache.access@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true + "name": "logs-apache.access@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json index 547e96d54..cd660d6eb 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json @@ -1,99 +1,99 @@ { - "name": "logs-apache.access@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" + "name": "logs-apache.access@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "destination.domain", + "ecs.version", + "event.category", + "event.kind", + "event.outcome", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "tls.cipher", + "tls.version", + "tls.version_protocol", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.name", + "user_agent.original", + "user_agent.original", + "user_agent.os.full", + "user_agent.os.name", + "user_agent.os.name", + "user_agent.os.version", + "user_agent.version", + "apache.access.ssl.protocol", + "apache.access.ssl.cipher" + ] + } + } } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "destination.domain", - "ecs.version", - "event.category", - "event.kind", - "event.outcome", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.domain", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "tls.cipher", - "tls.version", - "tls.version_protocol", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.name", - "user_agent.original", - "user_agent.original", - "user_agent.os.full", - "user_agent.os.name", - "user_agent.os.name", - "user_agent.os.version", - "user_agent.version", - "apache.access.ssl.protocol", - "apache.access.ssl.cipher" - ] - } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } - } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json index 7297f02da..044d8ed10 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json @@ -1,15 +1,15 @@ { - "name": "logs-apache.error@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true + "name": "logs-apache.error@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json index fcfcfd233..a0863edaf 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json @@ -1,88 +1,88 @@ { - "name": "logs-apache.error@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" + "name": "logs-apache.error@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "tags", + "ecs.version", + "event.category", + "event.kind", + "event.timezone", + "event.type", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.name", + "apache.error.module" + ] + } + } } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "tags", - "ecs.version", - "event.category", - "event.kind", - "event.timezone", - "event.type", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.original", - "user_agent.os.name", - "apache.error.module" - ] - } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } - } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json index cabce8463..66f11878e 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json @@ -1,15 +1,15 @@ { - "name": "metrics-apache.status@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true + "name": "metrics-apache.status@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json index c878ce03f..9ead41b97 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json @@ -1,60 +1,60 @@ { - "name": "metrics-apache.status@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "metrics" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" + "name": "metrics-apache.status@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "metrics" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "ecs.version", + "service.address", + "service.type" + ] + } + } } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "ecs.version", - "service.address", - "service.type" - ] - } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } - } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json index 0260e14f6..20d386bea 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json @@ -1,45 +1,45 @@ { - "version": 1, - "modified_date": "2022-04-06T15:40:04.029Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } + "version": 1, + "modified_date": "2022-04-06T15:40:04.029Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } + } + } + }, + "_meta": { + "managed": true, + "description": "default policy for the logs index template installed by x-pack" } - } }, - "_meta": { - "managed": true, - "description": "default policy for the logs index template installed by x-pack" + "in_use_by": { + "indices": [], + "data_streams": [], + "composable_templates": [ + "logs-apache.access", + "logs-elastic_agent.apm_server", + "logs-system.security", + "logs-system.auth", + "logs-elastic_agent.metricbeat", + "logs-elastic_agent.filebeat", + "logs-elastic_agent.packetbeat", + "logs-elastic_agent.endpoint_security", + "logs-elastic_agent.fleet_server", + "logs-apache.error", + "logs-system.system", + "logs-system.application", + "logs-elastic_agent.osquerybeat", + "logs-elastic_agent.heartbeat", + "logs-system.syslog", + "logs-elastic_agent.auditbeat", + "logs", + "logs-elastic_agent" + ] } - }, - "in_use_by": { - "indices": [], - "data_streams": [], - "composable_templates": [ - "logs-apache.access", - "logs-elastic_agent.apm_server", - "logs-system.security", - "logs-system.auth", - "logs-elastic_agent.metricbeat", - "logs-elastic_agent.filebeat", - "logs-elastic_agent.packetbeat", - "logs-elastic_agent.endpoint_security", - "logs-elastic_agent.fleet_server", - "logs-apache.error", - "logs-system.system", - "logs-system.application", - "logs-elastic_agent.osquerybeat", - "logs-elastic_agent.heartbeat", - "logs-system.syslog", - "logs-elastic_agent.auditbeat", - "logs", - "logs-elastic_agent" - ] - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json index aea99c4d5..e99281b3a 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json @@ -1,51 +1,51 @@ { - "version": 1, - "modified_date": "2022-04-06T15:40:04.332Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } + "version": 1, + "modified_date": "2022-04-06T15:40:04.332Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } + } + } + }, + "_meta": { + "managed": true, + "description": "default policy for the metrics index template installed by x-pack" } - } }, - "_meta": { - "managed": true, - "description": "default policy for the metrics index template installed by x-pack" + "in_use_by": { + "indices": [], + "data_streams": [], + "composable_templates": [ + "metrics-system.process", + "metrics-elastic_agent.packetbeat", + "metrics-system.fsstat", + "metrics-elastic_agent.osquerybeat", + "metrics-elastic_agent.endpoint_security", + "metrics-elastic_agent.apm_server", + "metrics-system.memory", + "metrics-system.socket_summary", + "metrics-apache.status", + "metrics-elastic_agent.elastic_agent", + "metrics-elastic_agent.fleet_server", + "metrics-system.load", + "metrics-system.core", + "metrics-elastic_agent.filebeat", + "metrics-system.uptime", + "metrics-system.process.summary", + "metrics-system.cpu", + "metrics-elastic_agent.heartbeat", + "metrics-system.diskio", + "metrics-elastic_agent.metricbeat", + "metrics-elastic_agent.auditbeat", + "metrics-system.network", + "metrics-system.filesystem", + "metrics" + ] } - }, - "in_use_by": { - "indices": [], - "data_streams": [], - "composable_templates": [ - "metrics-system.process", - "metrics-elastic_agent.packetbeat", - "metrics-system.fsstat", - "metrics-elastic_agent.osquerybeat", - "metrics-elastic_agent.endpoint_security", - "metrics-elastic_agent.apm_server", - "metrics-system.memory", - "metrics-system.socket_summary", - "metrics-apache.status", - "metrics-elastic_agent.elastic_agent", - "metrics-elastic_agent.fleet_server", - "metrics-system.load", - "metrics-system.core", - "metrics-elastic_agent.filebeat", - "metrics-system.uptime", - "metrics-system.process.summary", - "metrics-system.cpu", - "metrics-elastic_agent.heartbeat", - "metrics-system.diskio", - "metrics-elastic_agent.metricbeat", - "metrics-elastic_agent.auditbeat", - "metrics-system.network", - "metrics-system.filesystem", - "metrics" - ] - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json index 219cff1e5..961c4dd23 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json @@ -1,545 +1,545 @@ { - "name": "logs-apache.access", - "index_template": { - "index_patterns": [ - "logs-apache.access-*" - ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.access-1.3.6" - } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } + "name": "logs-apache.access", + "index_template": { + "index_patterns": [ + "logs-apache.access-*" ], - "date_detection": false, - "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.access-1.3.6" } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "ignore_above": 1024, - "type": "wildcard", - "fields": {} - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "apache": { - "properties": { - "access": { + ], + "date_detection": false, "properties": { - "ssl": { - "properties": { - "cipher": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + } + } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "wildcard", + "fields": {} + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { "ignore_above": 1024, "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "apache": { + "properties": { + "access": { + "properties": { + "ssl": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "created": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.access" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } } - } } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } } - }, - "event": { - "properties": { - "created": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.access" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } + }, + "composed_of": [ + "logs-apache.access@settings", + "logs-apache.access@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false } - } - }, - "composed_of": [ - "logs-apache.access@settings", - "logs-apache.access@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json index 78912bfde..157425454 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json @@ -1,500 +1,500 @@ { - "name": "logs-apache.error", - "index_template": { - "index_patterns": [ - "logs-apache.error-*" - ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.error-1.3.6" - } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } + "name": "logs-apache.error", + "index_template": { + "index_patterns": [ + "logs-apache.error-*" ], - "date_detection": false, - "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "ignore_above": 1024, - "type": "wildcard", - "fields": {} - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "apache": { - "properties": { - "error": { - "properties": { - "module": { - "ignore_above": 1024, - "type": "keyword" - } + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.error-1.3.6" } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { + ], + "date_detection": false, "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + } + } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "wildcard", + "fields": {} + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "apache": { + "properties": { + "error": { + "properties": { + "module": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.error" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.error" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } } - } } - } + }, + "composed_of": [ + "logs-apache.error@settings", + "logs-apache.error@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false } - } - }, - "composed_of": [ - "logs-apache.error@settings", - "logs-apache.error@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json index d35ade557..06ee21bd7 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json @@ -1,510 +1,510 @@ { - "name": "metrics-apache.status", - "index_template": { - "index_patterns": [ - "metrics-apache.status-*" - ], - "template": { - "settings": {}, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } + "name": "metrics-apache.status", + "index_template": { + "index_patterns": [ + "metrics-apache.status-*" ], - "date_detection": false, - "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "apache": { - "properties": { - "status": { - "properties": { - "bytes_per_request": { - "meta": { - "metric_type": "gauge" + "template": { + "settings": {}, + "mappings": { + "_meta": { + "package": { + "name": "apache" }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "properties": { - "1": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "15": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "5": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } } - }, - "bytes_per_sec": { - "meta": { - "metric_type": "gauge" + ], + "date_detection": false, + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "total_bytes": { - "meta": { - "unit": "byte", - "metric_type": "counter" + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } }, - "type": "long" - }, - "cpu": { - "properties": { - "system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "total_accesses": { - "meta": { - "metric_type": "counter" + "@timestamp": { + "type": "date" }, - "type": "long" - }, - "scoreboard": { - "properties": { - "total": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keepalive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "idle_cleanup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "waiting_for_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "logging": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "gracefully_finishing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "open_slot": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "dns_lookup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "sending_reply": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "closing_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "starting_up": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "reading_request": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "workers": { - "properties": { - "idle": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "busy": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "connections": { - "properties": { - "async": { + "apache": { "properties": { - "closing": { - "meta": { - "metric_type": "gauge" + "status": { + "properties": { + "bytes_per_request": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "properties": { + "1": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "15": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "5": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "bytes_per_sec": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total_bytes": { + "meta": { + "unit": "byte", + "metric_type": "counter" + }, + "type": "long" + }, + "cpu": { + "properties": { + "system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "total_accesses": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "scoreboard": { + "properties": { + "total": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keepalive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "idle_cleanup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "waiting_for_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "logging": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "gracefully_finishing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "open_slot": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "dns_lookup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "sending_reply": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "closing_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "starting_up": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "reading_request": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "workers": { + "properties": { + "idle": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "busy": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "connections": { + "properties": { + "async": { + "properties": { + "closing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "writing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keep_alive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "total": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + }, + "requests_per_sec": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "uptime": { + "properties": { + "server_uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" }, - "type": "long" - }, - "writing": { - "meta": { - "metric_type": "gauge" + "type": { + "type": "constant_keyword" }, - "type": "long" - }, - "keep_alive": { - "meta": { - "metric_type": "gauge" + "dataset": { + "type": "constant_keyword" + } + } + }, + "service": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" }, - "type": "long" - } + "type": { + "ignore_above": 1024, + "type": "keyword" + } } - }, - "total": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - }, - "requests_per_sec": { - "meta": { - "metric_type": "gauge" }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "uptime": { - "properties": { - "server_uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "service": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.status" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.status" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } } - } + }, + "composed_of": [ + "metrics-apache.status@settings", + "metrics-apache.status@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false } - } - }, - "composed_of": [ - "metrics-apache.status@settings", - "metrics-apache.status@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json index ff7d6617e..8fb8c1732 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json @@ -1,92 +1,92 @@ { - "version": 2, - "_meta": { - "managed_by": "fleet", - "managed": true - }, - "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", - "processors": [ - { - "set": { - "description": "Add time when event was ingested.", - "field": "event.ingested", - "copy_from": "_ingest.timestamp" - } + "version": 2, + "_meta": { + "managed_by": "fleet", + "managed": true }, - { - "script": { - "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", - "tag": "truncate-subseconds-event-ingested", - "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", - "ignore_failure": true - } - }, - { - "remove": { - "description": "Remove any pre-existing untrusted values.", - "field": [ - "event.agent_id_status", - "_security" - ], - "ignore_missing": true - } - }, - { - "set_security_user": { - "field": "_security", - "properties": [ - "authentication_type", - "username", - "realm", - "api_key" - ] - } - }, - { - "script": { - "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", - "tag": "agent-id-status", - "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", - "params": { - "trusted_users": [ - { - "username": "elastic/fleet-server", - "realm": "_service_account" - }, - { - "username": "cloud-internal-agent-server", - "realm": "found" - }, - { - "username": "elastic", - "realm": "reserved" + "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", + "processors": [ + { + "set": { + "description": "Add time when event was ingested.", + "field": "event.ingested", + "copy_from": "_ingest.timestamp" + } + }, + { + "script": { + "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", + "tag": "truncate-subseconds-event-ingested", + "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", + "ignore_failure": true + } + }, + { + "remove": { + "description": "Remove any pre-existing untrusted values.", + "field": [ + "event.agent_id_status", + "_security" + ], + "ignore_missing": true + } + }, + { + "set_security_user": { + "field": "_security", + "properties": [ + "authentication_type", + "username", + "realm", + "api_key" + ] + } + }, + { + "script": { + "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", + "tag": "agent-id-status", + "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", + "params": { + "trusted_users": [ + { + "username": "elastic/fleet-server", + "realm": "_service_account" + }, + { + "username": "cloud-internal-agent-server", + "realm": "found" + }, + { + "username": "elastic", + "realm": "reserved" + } + ] + } + } + }, + { + "remove": { + "field": "_security", + "ignore_missing": true } - ] } - } - }, - { - "remove": { - "field": "_security", - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "remove": { - "field": "_security", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "append": { - "field": "error.message", - "value": [ - "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" - ] - } - } - ] + ], + "on_failure": [ + { + "remove": { + "field": "_security", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "append": { + "field": "error.message", + "value": [ + "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" + ] + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json index 6e0001119..ff2578ba8 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json @@ -1,74 +1,74 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json index 4faa9950f..37cd308c7 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json @@ -1,209 +1,209 @@ { - "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.access-1.3.6-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", - "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" - ], - "ignore_missing": true - } - }, - { - "uri_parts": { - "field": "_tmp.url_orig", - "ignore_failure": true - } - }, - { - "remove": { - "field": [ - "_tmp" - ], - "ignore_missing": true - } - }, - { - "set": { - "field": "url.domain", - "value": "{{destination.domain}}", - "if": "ctx.url?.domain == null && ctx.destination?.domain != null" - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "set": { - "field": "event.outcome", - "value": "success", - "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" - } - }, - { - "set": { - "field": "event.outcome", - "value": "failure", - "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "remove": { - "field": "event.created", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "rename": { - "field": "@timestamp", - "target_field": "event.created" - } - }, - { - "date": { - "field": "apache.access.time", - "target_field": "@timestamp", - "formats": [ - "dd/MMM/yyyy:H:m:s Z" - ], - "ignore_failure": true - } - }, - { - "remove": { - "field": "apache.access.time", - "ignore_failure": true - } - }, - { - "user_agent": { - "field": "user_agent.original", - "ignore_failure": true - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "set": { - "field": "tls.cipher", - "value": "{{apache.access.ssl.cipher}}", - "if": "ctx?.apache?.access?.ssl?.cipher != null" - } - }, - { - "script": { - "lang": "painless", - "if": "ctx?.apache?.access?.ssl?.protocol != null", - "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } + "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.access-1.3.6-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", + "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" + ], + "ignore_missing": true + } + }, + { + "uri_parts": { + "field": "_tmp.url_orig", + "ignore_failure": true + } + }, + { + "remove": { + "field": [ + "_tmp" + ], + "ignore_missing": true + } + }, + { + "set": { + "field": "url.domain", + "value": "{{destination.domain}}", + "if": "ctx.url?.domain == null \u0026\u0026 ctx.destination?.domain != null" + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "set": { + "field": "event.outcome", + "value": "success", + "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003c 400" + } + }, + { + "set": { + "field": "event.outcome", + "value": "failure", + "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003e 399" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "remove": { + "field": "event.created", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "rename": { + "field": "@timestamp", + "target_field": "event.created" + } + }, + { + "date": { + "field": "apache.access.time", + "target_field": "@timestamp", + "formats": [ + "dd/MMM/yyyy:H:m:s Z" + ], + "ignore_failure": true + } + }, + { + "remove": { + "field": "apache.access.time", + "ignore_failure": true + } + }, + { + "user_agent": { + "field": "user_agent.original", + "ignore_failure": true + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "set": { + "field": "tls.cipher", + "value": "{{apache.access.ssl.cipher}}", + "if": "ctx?.apache?.access?.ssl?.cipher != null" + } + }, + { + "script": { + "lang": "painless", + "if": "ctx?.apache?.access?.ssl?.protocol != null", + "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json index 6e0001119..ff2578ba8 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json @@ -1,74 +1,74 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } - } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json index 979cb41ed..2a9e3a63f 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json @@ -1,197 +1,197 @@ { - "description": "Pipeline for parsing apache error logs", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.error-1.3.6-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" - ], - "pattern_definitions": { - "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", - "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" - }, - "ignore_missing": true - } - }, - { - "grok": { - "field": "message", - "patterns": [ - "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", - "File does not exist: %{URIPATH:file.path}" - ], - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "date": { - "if": "ctx.event.timezone == null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "date": { - "if": "ctx.event.timezone != null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "timezone": "{{ event.timezone }}", - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "remove": { - "field": "apache.error.timestamp", - "ignore_failure": true - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "script": { - "if": "ctx?.log?.level != null", - "lang": "painless", - "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "convert": { - "field": "source.port", - "type": "long", - "ignore_missing": true - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" + "description": "Pipeline for parsing apache error logs", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.error-1.3.6-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" + ], + "pattern_definitions": { + "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", + "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" + }, + "ignore_missing": true + } + }, + { + "grok": { + "field": "message", + "patterns": [ + "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", + "File does not exist: %{URIPATH:file.path}" + ], + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "date": { + "if": "ctx.event.timezone == null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "date": { + "if": "ctx.event.timezone != null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "timezone": "{{ event.timezone }}", + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "remove": { + "field": "apache.error.timestamp", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "script": { + "if": "ctx?.log?.level != null", + "lang": "painless", + "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "convert": { + "field": "source.port", + "type": "long", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } } - } } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json index e76912f49..09dba2f7d 100644 --- a/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json +++ b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -1,77 +1,77 @@ { - "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Default Fleet Server policy", - "description": "Default Fleet Server agent policy created by Kibana", - "is_default": false, - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:19:42.793Z", - "updated_by": "system", - "package_policies": [ - { - "id": "default-fleet-server-agent-policy", - "version": "WzYxOSwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" - }, - "enabled": true, - "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "output_id": "fleet-default-output", - "inputs": [ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" } - ], - "revision": 1, - "created_at": "2022-06-27T19:19:41.976Z", - "created_by": "system", - "updated_at": "2022-06-27T19:19:41.976Z", - "updated_by": "system" - } - ] + ] } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json index 006683e24..c04f04d89 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json @@ -1,676 +1,676 @@ { - "id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Default policy", - "description": "Default agent policy created by Kibana", - "is_default": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:19:39.755Z", - "updated_by": "system", - "package_policies": [ - { - "id": "default-system-policy", - "version": "WzYxNywxXQ==", - "name": "system-1", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" - }, - "enabled": true, - "policy_id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", - "output_id": "fleet-default-output", - "inputs": [ + "id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:39.755Z", + "updated_by": "system", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-default-system-policy", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-default-system-policy", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-default-system-policy", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-default-system-policy", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } + "id": "default-system-policy", + "version": "WzYxNywxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-default-system-policy", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-default-system-policy" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-default-system-policy", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-default-system-policy", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-default-system-policy", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system-policy", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system-policy", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system-policy", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system-policy" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system-policy", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system-policy", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system-policy", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system-policy", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system-policy", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system-policy", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system-policy", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system-policy", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-default-system-policy", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system-policy" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-default-system-policy", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-default-system-policy", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-default-system-policy", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-default-system-policy", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-default-system-policy", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.socket_summary-default-system-policy", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-default-system-policy", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } - }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-default-system-policy" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-default-system-policy" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-default-system-policy" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:38.837Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:38.837Z", + "updated_by": "system" } - ], - "revision": 1, - "created_at": "2022-06-27T19:19:38.837Z", - "created_by": "system", - "updated_at": "2022-06-27T19:19:38.837Z", - "updated_by": "system" - } - ], - "agents": 1 + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json index 8a268d4b8..7554f3180 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -1,78 +1,78 @@ { - "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Default Fleet Server policy", - "description": "Default Fleet Server agent policy created by Kibana", - "is_default": false, - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:19:42.793Z", - "updated_by": "system", - "package_policies": [ - { - "id": "default-fleet-server-agent-policy", - "version": "WzYxOSwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" - }, - "enabled": true, - "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "output_id": "fleet-default-output", - "inputs": [ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" } - ], - "revision": 1, - "created_at": "2022-06-27T19:19:41.976Z", - "created_by": "system", - "updated_at": "2022-06-27T19:19:41.976Z", - "updated_by": "system" - } - ], - "agents": 1 + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json index 9dfdad45e..8aff8089b 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:24:39.501Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", - "version": "Wzg4OSwxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" - }, - "enabled": true, - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T19:24:09.017Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:09.017Z", - "updated_by": "elastic" - }, - { - "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "version": "Wzk5NSwxXQ==", - "name": "nginx-http-servers-test", - "description": "", - "namespace": "default", - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "processors": { - "type": "yaml" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" - }, - "revision": 1, - "created_at": "2022-06-27T19:24:38.498Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:38.498Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json index 3accc582b..0e77a8d21 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:26:16.891Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", - "version": "WzEyNTcsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" - }, - "enabled": true, - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T19:25:42.095Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:25:42.095Z", - "updated_by": "elastic" - }, - { - "id": "c864461b-b8d3-48e0-b477-7954434078b5", - "version": "WzE1MTgsMV0=", - "name": "nginx-load-balancers-testt", - "description": "", - "namespace": "default", - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "processors": { - "type": "yaml" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" - }, - "revision": 1, - "created_at": "2022-06-27T19:26:16.169Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:26:16.169Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json index 9dfdad45e..8aff8089b 100644 --- a/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:24:39.501Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", - "version": "Wzg4OSwxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" - }, - "enabled": true, - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T19:24:09.017Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:09.017Z", - "updated_by": "elastic" - }, - { - "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "version": "Wzk5NSwxXQ==", - "name": "nginx-http-servers-test", - "description": "", - "namespace": "default", - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "processors": { - "type": "yaml" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" - }, - "revision": 1, - "created_at": "2022-06-27T19:24:38.498Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:38.498Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json index 3accc582b..0e77a8d21 100644 --- a/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:26:16.891Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", - "version": "WzEyNTcsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" - }, - "enabled": true, - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T19:25:42.095Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:25:42.095Z", - "updated_by": "elastic" - }, - { - "id": "c864461b-b8d3-48e0-b477-7954434078b5", - "version": "WzE1MTgsMV0=", - "name": "nginx-load-balancers-testt", - "description": "", - "namespace": "default", - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "processors": { - "type": "yaml" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" - }, - "revision": 1, - "created_at": "2022-06-27T19:26:16.169Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:26:16.169Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json index 3f56889e7..8898d1740 100644 --- a/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json +++ b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json @@ -1,75 +1,75 @@ { - "id": "fleet-server-policy", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Fleet Server (elastic-package)", - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:31:03.382Z", - "updated_by": "system", - "package_policies": [ - { - "id": "default-fleet-server", - "version": "WzYyNCwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" - }, - "enabled": true, - "policy_id": "fleet-server-policy", - "output_id": "fleet-default-output", - "inputs": [ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" } - ], - "revision": 1, - "created_at": "2022-06-27T15:31:03.351Z", - "created_by": "system", - "updated_at": "2022-06-27T15:31:03.351Z", - "updated_by": "system" - } - ] + ] } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json index d2d31e1da..a0da2715c 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:05.252Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "version": "WzkyMywxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" - }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T15:32:53.484Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:32:53.484Z", - "updated_by": "elastic" - }, - { - "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", - "version": "WzEwMjIsMV0=", - "name": "nginx-http-servers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" - }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:04.248Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:04.248Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json index 60cbdaa91..77939ff53 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:59.587Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "a09f2609-9e8b-4b48-998f-ce99340da027", - "version": "WzEzMjAsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" - }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:55.519Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:55.519Z", - "updated_by": "elastic" - }, - { - "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", - "version": "WzEzMjIsMV0=", - "name": "nginx-load-balancers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" - }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:58.606Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:58.606Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json index ca549c5ee..ea538c51c 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json @@ -1,675 +1,675 @@ { - "id": "elastic-agent-managed-ep", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Elastic-Agent (elastic-package)", - "is_default": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:31:01.360Z", - "updated_by": "system", - "package_policies": [ - { - "id": "default-system", - "version": "WzYyMiwxXQ==", - "name": "system-1", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" - }, - "enabled": true, - "policy_id": "elastic-agent-managed-ep", - "output_id": "fleet-default-output", - "inputs": [ + "id": "elastic-agent-managed-ep", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Elastic-Agent (elastic-package)", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:01.360Z", + "updated_by": "system", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-default-system", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-default-system", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-default-system", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-default-system", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } + "id": "default-system", + "version": "WzYyMiwxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-default-system", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-default-system" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-default-system", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-default-system", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-default-system", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "elastic-agent-managed-ep", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-default-system", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-default-system", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-default-system", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-default-system", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-default-system", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-default-system", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-default-system", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.socket_summary-default-system", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-default-system", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } - }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-default-system" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-default-system" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-default-system" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:00.403Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:00.403Z", + "updated_by": "system" } - ], - "revision": 1, - "created_at": "2022-06-27T15:31:00.403Z", - "created_by": "system", - "updated_at": "2022-06-27T15:31:00.403Z", - "updated_by": "system" - } - ], - "agents": 1 + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json index c9dcf5bcd..8194f81c2 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json @@ -1,76 +1,76 @@ { - "id": "fleet-server-policy", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Fleet Server (elastic-package)", - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:31:03.382Z", - "updated_by": "system", - "package_policies": [ - { - "id": "default-fleet-server", - "version": "WzYyNCwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" - }, - "enabled": true, - "policy_id": "fleet-server-policy", - "output_id": "fleet-default-output", - "inputs": [ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" } - ], - "revision": 1, - "created_at": "2022-06-27T15:31:03.351Z", - "created_by": "system", - "updated_at": "2022-06-27T15:31:03.351Z", - "updated_by": "system" - } - ], - "agents": 1 + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json index d2d31e1da..a0da2715c 100644 --- a/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:05.252Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "version": "WzkyMywxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" - }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T15:32:53.484Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:32:53.484Z", - "updated_by": "elastic" - }, - { - "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", - "version": "WzEwMjIsMV0=", - "name": "nginx-http-servers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" - }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:04.248Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:04.248Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json index 60cbdaa91..77939ff53 100644 --- a/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:59.587Z", - "updated_by": "elastic", - "package_policies": [ - { - "id": "a09f2609-9e8b-4b48-998f-ce99340da027", - "version": "WzEzMjAsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" - }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" } - }, - "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" }, { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:55.519Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:55.519Z", - "updated_by": "elastic" - }, - { - "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", - "version": "WzEzMjIsMV0=", - "name": "nginx-load-balancers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" - }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } - }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - }, - "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } - } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:58.606Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:58.606Z", - "updated_by": "elastic" - } - ], - "agents": 0 + ], + "agents": 0 } \ No newline at end of file From 7251ad6de9d304242ed1e782e4a81236b88ce37e Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 28 Jun 2022 12:49:54 +0200 Subject: [PATCH 25/27] Set again get,post,put,delete methods as private Move test client into the same kibana package to allow use private methods of the package. --- internal/dump/agentpolicies_test.go | 7 +++---- internal/kibana/agents.go | 6 +++--- internal/kibana/client.go | 8 ++++---- internal/kibana/dashboards.go | 2 +- internal/kibana/{test => }/httptest.go | 14 ++++++-------- internal/kibana/injected_metadata.go | 2 +- internal/kibana/packages.go | 4 ++-- internal/kibana/policies.go | 12 ++++++------ internal/kibana/saved_objects.go | 2 +- 9 files changed, 27 insertions(+), 30 deletions(-) rename internal/kibana/{test => }/httptest.go (86%) diff --git a/internal/dump/agentpolicies_test.go b/internal/dump/agentpolicies_test.go index 418d77b46..d60f105ab 100644 --- a/internal/dump/agentpolicies_test.go +++ b/internal/dump/agentpolicies_test.go @@ -13,7 +13,6 @@ import ( "github.com/stretchr/testify/suite" "github.com/elastic/elastic-package/internal/kibana" - kibtest "github.com/elastic/elastic-package/internal/kibana/test" ) func TestDumpAgentPolicies(t *testing.T) { @@ -111,7 +110,7 @@ func (s *agentPoliciesDumpSuite) SetupTest() { } func (s *agentPoliciesDumpSuite) TestDumpAll() { - client := kibtest.KibanaClient(s.T(), s.RecordDir) + client := kibana.NewTestClient(s.T(), s.RecordDir) outputDir := s.T().TempDir() dumper := NewAgentPoliciesDumper(client) @@ -128,7 +127,7 @@ func (s *agentPoliciesDumpSuite) TestDumpAll() { } func (s *agentPoliciesDumpSuite) TestDumpByPackage() { - client := kibtest.KibanaClient(s.T(), s.RecordDir) + client := kibana.NewTestClient(s.T(), s.RecordDir) outputDir := s.T().TempDir() dumper := NewAgentPoliciesDumper(client) @@ -145,7 +144,7 @@ func (s *agentPoliciesDumpSuite) TestDumpByPackage() { } func (s *agentPoliciesDumpSuite) TestDumpByName() { - client := kibtest.KibanaClient(s.T(), s.RecordDir) + client := kibana.NewTestClient(s.T(), s.RecordDir) outputDir := s.T().TempDir() dumper := NewAgentPoliciesDumper(client) diff --git a/internal/kibana/agents.go b/internal/kibana/agents.go index 9b8e9bceb..b60588186 100644 --- a/internal/kibana/agents.go +++ b/internal/kibana/agents.go @@ -41,7 +41,7 @@ func (a *Agent) String() string { // ListAgents returns the list of agents enrolled with Fleet. func (c *Client) ListAgents() ([]Agent, error) { - statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agents", FleetAPI)) + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agents", FleetAPI)) if err != nil { return nil, errors.Wrap(err, "could not list agents") } @@ -66,7 +66,7 @@ func (c *Client) AssignPolicyToAgent(a Agent, p Policy) error { reqBody := `{ "policy_id": "` + p.ID + `" }` path := fmt.Sprintf("%s/agents/%s/reassign", FleetAPI, a.ID) - statusCode, respBody, err := c.Put(path, []byte(reqBody)) + statusCode, respBody, err := c.put(path, []byte(reqBody)) if err != nil { return errors.Wrap(err, "could not assign policy to agent") } @@ -111,7 +111,7 @@ func (c *Client) waitUntilPolicyAssigned(a Agent, p Policy) error { } func (c *Client) getAgent(agentID string) (*Agent, error) { - statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agents/%s", FleetAPI, agentID)) + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agents/%s", FleetAPI, agentID)) if err != nil { return nil, errors.Wrap(err, "could not list agents") } diff --git a/internal/kibana/client.go b/internal/kibana/client.go index 29018b75c..7550dbb06 100644 --- a/internal/kibana/client.go +++ b/internal/kibana/client.go @@ -80,19 +80,19 @@ func CertificateAuthority(certificateAuthority string) ClientOption { } } -func (c *Client) Get(resourcePath string) (int, []byte, error) { +func (c *Client) get(resourcePath string) (int, []byte, error) { return c.sendRequest(http.MethodGet, resourcePath, nil) } -func (c *Client) Post(resourcePath string, body []byte) (int, []byte, error) { +func (c *Client) post(resourcePath string, body []byte) (int, []byte, error) { return c.sendRequest(http.MethodPost, resourcePath, body) } -func (c *Client) Put(resourcePath string, body []byte) (int, []byte, error) { +func (c *Client) put(resourcePath string, body []byte) (int, []byte, error) { return c.sendRequest(http.MethodPut, resourcePath, body) } -func (c *Client) Delete(resourcePath string) (int, []byte, error) { +func (c *Client) delete(resourcePath string) (int, []byte, error) { return c.sendRequest(http.MethodDelete, resourcePath, nil) } diff --git a/internal/kibana/dashboards.go b/internal/kibana/dashboards.go index b0c00c29e..d1e9313ad 100644 --- a/internal/kibana/dashboards.go +++ b/internal/kibana/dashboards.go @@ -33,7 +33,7 @@ func (c *Client) Export(dashboardIDs []string) ([]common.MapStr, error) { } path := fmt.Sprintf("%s/dashboards/export%s", CoreAPI, query.String()) - statusCode, respBody, err := c.Get(path) + statusCode, respBody, err := c.get(path) if err != nil { return nil, errors.Wrapf(err, "could not export dashboards; API status code = %d; response body = %s", statusCode, respBody) } diff --git a/internal/kibana/test/httptest.go b/internal/kibana/httptest.go similarity index 86% rename from internal/kibana/test/httptest.go rename to internal/kibana/httptest.go index 56f962e78..428af8487 100644 --- a/internal/kibana/test/httptest.go +++ b/internal/kibana/httptest.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package test +package kibana import ( "net/http" @@ -13,20 +13,18 @@ import ( "testing" "github.com/stretchr/testify/require" - - "github.com/elastic/elastic-package/internal/kibana" ) // KibanaClient returns a client for a testing http server that uses prerecorded // responses. If responses are not found, it forwards the query to the server started by // elastic-package stack, and records the response. // Responses are recorded in the directory indicated by serverDataDir. -func KibanaClient(t *testing.T, serverDataDir string) *kibana.Client { +func NewTestClient(t *testing.T, serverDataDir string) *Client { server := testKibanaServer(t, serverDataDir) t.Cleanup(func() { server.Close() }) - client, err := kibana.NewClient( - kibana.Address(server.URL), + client, err := NewClient( + Address(server.URL), ) require.NoError(t, err) @@ -56,11 +54,11 @@ func pathForURL(url string) string { } func recordRequest(t *testing.T, r *http.Request, path string) { - client, err := kibana.NewClient() + client, err := NewClient() require.NoError(t, err) t.Logf("Recording %s in %s", r.URL.RequestURI(), path) - status, respBody, err := client.Get(r.URL.RequestURI()) + status, respBody, err := client.get(r.URL.RequestURI()) require.Equal(t, 200, status) require.NoError(t, err) diff --git a/internal/kibana/injected_metadata.go b/internal/kibana/injected_metadata.go index 67597fd77..3b3f6e99a 100644 --- a/internal/kibana/injected_metadata.go +++ b/internal/kibana/injected_metadata.go @@ -24,7 +24,7 @@ type injectedMetadata struct { // Version method returns the Kibana version. func (c *Client) Version() (string, error) { - statusCode, respBody, err := c.Get("/login") + statusCode, respBody, err := c.get("/login") if err != nil { return "", errors.Wrap(err, "could not reach login endpoint") } diff --git a/internal/kibana/packages.go b/internal/kibana/packages.go index af463bcc9..c0669a5e9 100644 --- a/internal/kibana/packages.go +++ b/internal/kibana/packages.go @@ -19,7 +19,7 @@ func (c *Client) InstallPackage(pkg packages.PackageManifest) ([]packages.Asset, path := fmt.Sprintf("%s/epm/packages/%s-%s", FleetAPI, pkg.Name, pkg.Version) reqBody := []byte(`{"force":true}`) // allows installing older versions of the package being tested - statusCode, respBody, err := c.Post(path, reqBody) + statusCode, respBody, err := c.post(path, reqBody) if err != nil { return nil, errors.Wrap(err, "could not install package") } @@ -30,7 +30,7 @@ func (c *Client) InstallPackage(pkg packages.PackageManifest) ([]packages.Asset, // RemovePackage removes the given package from Fleet. func (c *Client) RemovePackage(pkg packages.PackageManifest) ([]packages.Asset, error) { path := fmt.Sprintf("%s/epm/packages/%s-%s", FleetAPI, pkg.Name, pkg.Version) - statusCode, respBody, err := c.Delete(path) + statusCode, respBody, err := c.delete(path) if err != nil { return nil, errors.Wrap(err, "could not delete package") } diff --git a/internal/kibana/policies.go b/internal/kibana/policies.go index 366e957a7..11df8543a 100644 --- a/internal/kibana/policies.go +++ b/internal/kibana/policies.go @@ -30,7 +30,7 @@ func (c *Client) CreatePolicy(p Policy) (*Policy, error) { return nil, errors.Wrap(err, "could not convert policy (request) to JSON") } - statusCode, respBody, err := c.Post(fmt.Sprintf("%s/agent_policies", FleetAPI), reqBody) + statusCode, respBody, err := c.post(fmt.Sprintf("%s/agent_policies", FleetAPI), reqBody) if err != nil { return nil, errors.Wrap(err, "could not create policy") } @@ -52,7 +52,7 @@ func (c *Client) CreatePolicy(p Policy) (*Policy, error) { // GetPolicy fetches the given Policy in Fleet. func (c *Client) GetPolicy(policyID string) (*Policy, error) { - statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) if err != nil { return nil, errors.Wrap(err, "could not get policy") } @@ -74,7 +74,7 @@ func (c *Client) GetPolicy(policyID string) (*Policy, error) { // GetRawPolicy fetches the given Policy with all the fields in Fleet. func (c *Client) GetRawPolicy(policyID string) (json.RawMessage, error) { - statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies/%s", FleetAPI, policyID)) if err != nil { return nil, errors.Wrap(err, "could not get policy") } @@ -107,7 +107,7 @@ func (c *Client) ListRawPolicies() ([]json.RawMessage, error) { } for finished := false; !finished; finished = itemsRetrieved == resp.Total { - statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agent_policies?full=true&page=%d", FleetAPI, currentPage)) + statusCode, respBody, err := c.get(fmt.Sprintf("%s/agent_policies?full=true&page=%d", FleetAPI, currentPage)) if err != nil { return nil, errors.Wrap(err, "could not get policies") } @@ -132,7 +132,7 @@ func (c *Client) ListRawPolicies() ([]json.RawMessage, error) { func (c *Client) DeletePolicy(p Policy) error { reqBody := `{ "agentPolicyId": "` + p.ID + `" }` - statusCode, respBody, err := c.Post(fmt.Sprintf("%s/agent_policies/delete", FleetAPI), []byte(reqBody)) + statusCode, respBody, err := c.post(fmt.Sprintf("%s/agent_policies/delete", FleetAPI), []byte(reqBody)) if err != nil { return errors.Wrap(err, "could not delete policy") } @@ -202,7 +202,7 @@ func (c *Client) AddPackageDataStreamToPolicy(r PackageDataStream) error { return errors.Wrap(err, "could not convert policy-package (request) to JSON") } - statusCode, respBody, err := c.Post(fmt.Sprintf("%s/package_policies", FleetAPI), reqBody) + statusCode, respBody, err := c.post(fmt.Sprintf("%s/package_policies", FleetAPI), reqBody) if err != nil { return errors.Wrap(err, "could not add package to policy") } diff --git a/internal/kibana/saved_objects.go b/internal/kibana/saved_objects.go index d448a5a43..c1a35ba9b 100644 --- a/internal/kibana/saved_objects.go +++ b/internal/kibana/saved_objects.go @@ -92,7 +92,7 @@ func (c *Client) FindDashboards() (DashboardSavedObjects, error) { func (c *Client) findDashboardsNextPage(page int) (*savedObjectsResponse, error) { path := fmt.Sprintf("%s/_find?type=dashboard&fields=title&per_page=%d&page=%d", SavedObjectsAPI, findDashboardsPerPage, page) - statusCode, respBody, err := c.Get(path) + statusCode, respBody, err := c.get(path) if err != nil { return nil, errors.Wrapf(err, "could not find dashboards; API status code = %d; response body = %s", statusCode, respBody) } From cc1a24547e251de2fdc078ff4e5f7b83565e2e45 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 28 Jun 2022 13:21:48 +0200 Subject: [PATCH 26/27] Fix --- internal/kibana/client_test.go | 6 +++--- internal/kibana/httptest.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/kibana/client_test.go b/internal/kibana/client_test.go index 51c749eb0..eb0402152 100644 --- a/internal/kibana/client_test.go +++ b/internal/kibana/client_test.go @@ -30,7 +30,7 @@ func TestClientWithTLS(t *testing.T) { client, err := NewClient(Address(server.URL)) require.NoError(t, err) - _, _, err = client.Get("/") + _, _, err = client.get("/") assert.Error(t, err) }) @@ -38,7 +38,7 @@ func TestClientWithTLS(t *testing.T) { client, err := NewClient(Address(server.URL), CertificateAuthority(caCertFile)) require.NoError(t, err) - _, _, err = client.Get("/") + _, _, err = client.get("/") assert.NoError(t, err) }) @@ -46,7 +46,7 @@ func TestClientWithTLS(t *testing.T) { client, err := NewClient(Address(server.URL), TLSSkipVerify()) require.NoError(t, err) - _, _, err = client.Get("/") + _, _, err = client.get("/") assert.NoError(t, err) }) } diff --git a/internal/kibana/httptest.go b/internal/kibana/httptest.go index 428af8487..4830292e8 100644 --- a/internal/kibana/httptest.go +++ b/internal/kibana/httptest.go @@ -15,7 +15,7 @@ import ( "github.com/stretchr/testify/require" ) -// KibanaClient returns a client for a testing http server that uses prerecorded +// NewTestClient returns a client for a testing http server that uses prerecorded // responses. If responses are not found, it forwards the query to the server started by // elastic-package stack, and records the response. // Responses are recorded in the directory indicated by serverDataDir. From eb1fe46e5d610cfe444374aad7355348eb8500dd Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Date: Tue, 28 Jun 2022 16:22:25 +0200 Subject: [PATCH 27/27] Revert "Use formatter package to dump JSONs - rewritten all dumped files" This reverts commit ac2b8cafb75c39e9e4a0959b28d321b4232a243e. --- internal/dump/json.go | 15 +- .../.fleet_component_template-1.json | 52 +- .../logs-apache.access@custom.json | 20 +- .../logs-apache.access@settings.json | 184 +- .../logs-apache.error@custom.json | 20 +- .../logs-apache.error@settings.json | 162 +- .../metrics-apache.status@custom.json | 20 +- .../metrics-apache.status@settings.json | 106 +- .../ilm_policies/logs.json | 100 +- .../ilm_policies/metrics.json | 156 +- .../index_templates/logs-apache.access.json | 1044 +++++----- .../index_templates/logs-apache.error.json | 958 ++++----- .../metrics-apache.status.json | 980 ++++----- .../.fleet_final_pipeline-1.json | 168 +- .../logs-apache.access-1.3.4-third-party.json | 130 +- .../logs-apache.access-1.3.4.json | 400 ++-- .../logs-apache.error-1.3.4-third-party.json | 130 +- .../logs-apache.error-1.3.4.json | 376 ++-- .../.fleet_component_template-1.json | 54 +- .../logs-apache.access@custom.json | 24 +- .../logs-apache.access@settings.json | 188 +- .../logs-apache.error@custom.json | 24 +- .../logs-apache.error@settings.json | 166 +- .../metrics-apache.status@custom.json | 24 +- .../metrics-apache.status@settings.json | 110 +- .../ilm_policies/logs.json | 80 +- .../ilm_policies/metrics.json | 92 +- .../index_templates/logs-apache.access.json | 1064 +++++----- .../index_templates/logs-apache.error.json | 978 ++++----- .../metrics-apache.status.json | 982 ++++----- .../.fleet_final_pipeline-1.json | 174 +- .../logs-apache.access-1.3.6-third-party.json | 142 +- .../logs-apache.access-1.3.6.json | 412 ++-- .../logs-apache.error-1.3.6-third-party.json | 142 +- .../logs-apache.error-1.3.6.json | 388 ++-- .../499b5aa7-d214-5b5d-838b-3cd76469844e.json | 144 +- .../2016d7cc-135e-5583-9758-3ba01f5a06e5.json | 1334 ++++++------ .../499b5aa7-d214-5b5d-838b-3cd76469844e.json | 146 +- .../b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json | 1834 ++++++++--------- .../agent_policies/fleet-server-policy.json | 140 +- .../67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- .../8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- .../elastic-agent-managed-ep.json | 1332 ++++++------ .../agent_policies/fleet-server-policy.json | 142 +- .../67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- .../8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json | 1834 ++++++++--------- 49 files changed, 13992 insertions(+), 13983 deletions(-) diff --git a/internal/dump/json.go b/internal/dump/json.go index 7c6fcb83c..c655a2b19 100644 --- a/internal/dump/json.go +++ b/internal/dump/json.go @@ -5,12 +5,12 @@ package dump import ( + "bytes" + "encoding/json" "fmt" "io/ioutil" "os" "path/filepath" - - "github.com/elastic/elastic-package/internal/formatter" ) type DumpableJSONResource interface { @@ -22,7 +22,7 @@ func dumpJSONResource(dir string, object DumpableJSONResource) error { if err := os.MkdirAll(dir, 0755); err != nil { return fmt.Errorf("failed to create dump directory: %w", err) } - formatted, _, err := formatter.JSONFormatter(object.JSON()) + formatted, err := formatJSON(object.JSON()) if err != nil { return fmt.Errorf("failed to format JSON object: %w", err) } @@ -33,3 +33,12 @@ func dumpJSONResource(dir string, object DumpableJSONResource) error { } return nil } + +func formatJSON(in []byte) ([]byte, error) { + var buf bytes.Buffer + err := json.Indent(&buf, in, "", " ") + if err != nil { + return nil, err + } + return buf.Bytes(), nil +} diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json index ca0b9621e..e5371a1d2 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/.fleet_component_template-1.json @@ -1,29 +1,29 @@ { - "name": ".fleet_component_template-1", - "component_template": { - "template": { - "settings": { - "index": { - "final_pipeline": ".fleet_final_pipeline-1" - } - }, - "mappings": { - "properties": { - "event": { - "properties": { - "agent_id_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", - "type": "date" - } - } - } - } + "name": ".fleet_component_template-1", + "component_template": { + "template": { + "settings": { + "index": { + "final_pipeline": ".fleet_final_pipeline-1" + } + }, + "mappings": { + "properties": { + "event": { + "properties": { + "agent_id_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", + "type": "date" + } } - }, - "_meta": {} - } + } + } + } + }, + "_meta": {} + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json index 5d6265cfd..e61071082 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@custom.json @@ -1,13 +1,13 @@ { - "name": "logs-apache.access@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - } - } + "name": "logs-apache.access@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + } } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json index 63e917301..37ee561bd 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.access@settings.json @@ -1,97 +1,97 @@ { - "name": "logs-apache.access@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "destination.domain", - "ecs.version", - "event.category", - "event.kind", - "event.outcome", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.domain", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "tls.cipher", - "tls.version", - "tls.version_protocol", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.name", - "user_agent.original", - "user_agent.original", - "user_agent.os.full", - "user_agent.os.name", - "user_agent.os.name", - "user_agent.os.version", - "user_agent.version", - "apache.access.ssl.protocol", - "apache.access.ssl.cipher" - ] - } - } - } - }, - "_meta": { - "package": { - "name": "apache" + "name": "logs-apache.access@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "destination.domain", + "ecs.version", + "event.category", + "event.kind", + "event.outcome", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "tls.cipher", + "tls.version", + "tls.version_protocol", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.name", + "user_agent.original", + "user_agent.original", + "user_agent.os.full", + "user_agent.os.name", + "user_agent.os.name", + "user_agent.os.version", + "user_agent.version", + "apache.access.ssl.protocol", + "apache.access.ssl.cipher" + ] + } } + } + }, + "_meta": { + "package": { + "name": "apache" + } } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json index 341be8997..41cfc9eac 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@custom.json @@ -1,13 +1,13 @@ { - "name": "logs-apache.error@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - } - } + "name": "logs-apache.error@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + } } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json index 08e8e9a83..65cbdba8b 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/logs-apache.error@settings.json @@ -1,86 +1,86 @@ { - "name": "logs-apache.error@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "tags", - "ecs.version", - "event.category", - "event.kind", - "event.timezone", - "event.type", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.original", - "user_agent.os.name", - "apache.error.module" - ] - } - } - } - }, - "_meta": { - "package": { - "name": "apache" + "name": "logs-apache.error@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "tags", + "ecs.version", + "event.category", + "event.kind", + "event.timezone", + "event.type", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.name", + "apache.error.module" + ] + } } + } + }, + "_meta": { + "package": { + "name": "apache" + } } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json index 80e702519..fbcf3cfe3 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@custom.json @@ -1,13 +1,13 @@ { - "name": "metrics-apache.status@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - } - } + "name": "metrics-apache.status@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + } } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json index 17c627e9a..cbc410751 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/component_templates/metrics-apache.status@settings.json @@ -1,58 +1,58 @@ { - "name": "metrics-apache.status@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "metrics" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "ecs.version", - "service.address", - "service.type" - ] - } - } - } - }, - "_meta": { - "package": { - "name": "apache" + "name": "metrics-apache.status@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "metrics" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" } + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "ecs.version", + "service.address", + "service.type" + ] + } } + } + }, + "_meta": { + "package": { + "name": "apache" + } } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json index 539190ee4..65680aca2 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/logs.json @@ -1,55 +1,55 @@ { - "version": 1, - "modified_date": "2022-01-25T18:01:46.058Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } - } - } - }, - "_meta": { - "managed": true, - "description": "default policy for the logs index template installed by x-pack" + "version": 1, + "modified_date": "2022-01-25T18:01:46.058Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } } + } }, - "in_use_by": { - "indices": [ - ".ds-logs-elastic_agent-default-2022.01.25-000001", - ".ds-logs-elastic_agent.metricbeat-default-2022.01.25-000001", - ".ds-logs-elastic_agent.filebeat-default-2022.01.25-000001", - ".ds-logs-elastic_agent.fleet_server-default-2022.01.25-000001" - ], - "data_streams": [ - "logs-elastic_agent-default", - "logs-elastic_agent.metricbeat-default", - "logs-elastic_agent.filebeat-default", - "logs-elastic_agent.fleet_server-default" - ], - "composable_templates": [ - "logs-apache.access", - "logs-elastic_agent.apm_server", - "logs-system.security", - "logs-system.auth", - "logs-elastic_agent.metricbeat", - "logs-elastic_agent.filebeat", - "logs-elastic_agent.packetbeat", - "logs-elastic_agent.endpoint_security", - "logs-elastic_agent.fleet_server", - "logs-apache.error", - "logs-system.system", - "logs-system.application", - "logs-elastic_agent.osquerybeat", - "logs-elastic_agent.heartbeat", - "logs-system.syslog", - "logs-elastic_agent.auditbeat", - "logs", - "logs-elastic_agent" - ] + "_meta": { + "managed": true, + "description": "default policy for the logs index template installed by x-pack" } + }, + "in_use_by": { + "indices": [ + ".ds-logs-elastic_agent-default-2022.01.25-000001", + ".ds-logs-elastic_agent.metricbeat-default-2022.01.25-000001", + ".ds-logs-elastic_agent.filebeat-default-2022.01.25-000001", + ".ds-logs-elastic_agent.fleet_server-default-2022.01.25-000001" + ], + "data_streams": [ + "logs-elastic_agent-default", + "logs-elastic_agent.metricbeat-default", + "logs-elastic_agent.filebeat-default", + "logs-elastic_agent.fleet_server-default" + ], + "composable_templates": [ + "logs-apache.access", + "logs-elastic_agent.apm_server", + "logs-system.security", + "logs-system.auth", + "logs-elastic_agent.metricbeat", + "logs-elastic_agent.filebeat", + "logs-elastic_agent.packetbeat", + "logs-elastic_agent.endpoint_security", + "logs-elastic_agent.fleet_server", + "logs-apache.error", + "logs-system.system", + "logs-system.application", + "logs-elastic_agent.osquerybeat", + "logs-elastic_agent.heartbeat", + "logs-system.syslog", + "logs-elastic_agent.auditbeat", + "logs", + "logs-elastic_agent" + ] + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json index ea1fc7545..ef39cae8a 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ilm_policies/metrics.json @@ -1,83 +1,83 @@ { - "version": 1, - "modified_date": "2022-01-25T18:01:48.410Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } - } - } - }, - "_meta": { - "managed": true, - "description": "default policy for the metrics index template installed by x-pack" + "version": 1, + "modified_date": "2022-01-25T18:01:48.410Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } } + } }, - "in_use_by": { - "indices": [ - ".ds-metrics-system.socket_summary-default-2022.01.25-000001", - ".ds-metrics-system.cpu-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.metricbeat-default-2022.01.25-000001", - ".ds-metrics-system.uptime-default-2022.01.25-000001", - ".ds-metrics-system.process-default-2022.01.25-000001", - ".ds-metrics-system.memory-default-2022.01.25-000001", - ".ds-metrics-system.diskio-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.fleet_server-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.filebeat-default-2022.01.25-000001", - ".ds-metrics-system.load-default-2022.01.25-000001", - ".ds-metrics-system.process.summary-default-2022.01.25-000001", - ".ds-metrics-elastic_agent.elastic_agent-default-2022.01.25-000001", - ".ds-metrics-system.filesystem-default-2022.01.25-000001", - ".ds-metrics-system.network-default-2022.01.25-000001", - ".ds-metrics-system.fsstat-default-2022.01.25-000001" - ], - "data_streams": [ - "metrics-system.filesystem-default", - "metrics-system.cpu-default", - "metrics-system.process.summary-default", - "metrics-system.memory-default", - "metrics-elastic_agent.fleet_server-default", - "metrics-system.uptime-default", - "metrics-elastic_agent.elastic_agent-default", - "metrics-elastic_agent.metricbeat-default", - "metrics-system.fsstat-default", - "metrics-system.process-default", - "metrics-elastic_agent.filebeat-default", - "metrics-system.network-default", - "metrics-system.diskio-default", - "metrics-system.load-default", - "metrics-system.socket_summary-default" - ], - "composable_templates": [ - "metrics-system.process", - "metrics-elastic_agent.packetbeat", - "metrics-system.fsstat", - "metrics-elastic_agent.osquerybeat", - "metrics-elastic_agent.endpoint_security", - "metrics-elastic_agent.apm_server", - "metrics-system.memory", - "metrics-system.socket_summary", - "metrics-apache.status", - "metrics-elastic_agent.elastic_agent", - "metrics-elastic_agent.fleet_server", - "metrics-system.load", - "metrics-system.core", - "metrics-elastic_agent.filebeat", - "metrics-system.uptime", - "metrics-system.process.summary", - "metrics-system.cpu", - "metrics-elastic_agent.heartbeat", - "metrics-system.diskio", - "metrics-elastic_agent.metricbeat", - "metrics-elastic_agent.auditbeat", - "metrics-system.network", - "metrics-system.filesystem", - "metrics" - ] + "_meta": { + "managed": true, + "description": "default policy for the metrics index template installed by x-pack" } + }, + "in_use_by": { + "indices": [ + ".ds-metrics-system.socket_summary-default-2022.01.25-000001", + ".ds-metrics-system.cpu-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.metricbeat-default-2022.01.25-000001", + ".ds-metrics-system.uptime-default-2022.01.25-000001", + ".ds-metrics-system.process-default-2022.01.25-000001", + ".ds-metrics-system.memory-default-2022.01.25-000001", + ".ds-metrics-system.diskio-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.fleet_server-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.filebeat-default-2022.01.25-000001", + ".ds-metrics-system.load-default-2022.01.25-000001", + ".ds-metrics-system.process.summary-default-2022.01.25-000001", + ".ds-metrics-elastic_agent.elastic_agent-default-2022.01.25-000001", + ".ds-metrics-system.filesystem-default-2022.01.25-000001", + ".ds-metrics-system.network-default-2022.01.25-000001", + ".ds-metrics-system.fsstat-default-2022.01.25-000001" + ], + "data_streams": [ + "metrics-system.filesystem-default", + "metrics-system.cpu-default", + "metrics-system.process.summary-default", + "metrics-system.memory-default", + "metrics-elastic_agent.fleet_server-default", + "metrics-system.uptime-default", + "metrics-elastic_agent.elastic_agent-default", + "metrics-elastic_agent.metricbeat-default", + "metrics-system.fsstat-default", + "metrics-system.process-default", + "metrics-elastic_agent.filebeat-default", + "metrics-system.network-default", + "metrics-system.diskio-default", + "metrics-system.load-default", + "metrics-system.socket_summary-default" + ], + "composable_templates": [ + "metrics-system.process", + "metrics-elastic_agent.packetbeat", + "metrics-system.fsstat", + "metrics-elastic_agent.osquerybeat", + "metrics-elastic_agent.endpoint_security", + "metrics-elastic_agent.apm_server", + "metrics-system.memory", + "metrics-system.socket_summary", + "metrics-apache.status", + "metrics-elastic_agent.elastic_agent", + "metrics-elastic_agent.fleet_server", + "metrics-system.load", + "metrics-system.core", + "metrics-elastic_agent.filebeat", + "metrics-system.uptime", + "metrics-system.process.summary", + "metrics-system.cpu", + "metrics-elastic_agent.heartbeat", + "metrics-system.diskio", + "metrics-elastic_agent.metricbeat", + "metrics-elastic_agent.auditbeat", + "metrics-system.network", + "metrics-system.filesystem", + "metrics" + ] + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json index 29ac4b907..476280409 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.access.json @@ -1,535 +1,535 @@ { - "name": "logs-apache.access", - "index_template": { - "index_patterns": [ - "logs-apache.access-*" + "name": "logs-apache.access", + "index_template": { + "index_patterns": [ + "logs-apache.access-*" + ], + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.access-1.3.4" + } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.access-1.3.4" + "date_detection": false, + "properties": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } } - ], - "date_detection": false, + } + } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "type": "wildcard" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "type": "wildcard" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "apache": { + "properties": { + "access": { + "properties": { + "ssl": { + "properties": { + "cipher": { "ignore_above": 1024, "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "apache": { - "properties": { - "access": { - "properties": { - "ssl": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "created": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.access" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + } } + } } + } } - }, - "composed_of": [ - "logs-apache.access@settings", - "logs-apache.access@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "data_stream": { - "hidden": false + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "created": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.access" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } } + } + }, + "composed_of": [ + "logs-apache.access@settings", + "logs-apache.access@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "data_stream": { + "hidden": false } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json index 5c1e14319..779b5d8ee 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/logs-apache.error.json @@ -1,491 +1,491 @@ { - "name": "logs-apache.error", - "index_template": { - "index_patterns": [ - "logs-apache.error-*" + "name": "logs-apache.error", + "index_template": { + "index_patterns": [ + "logs-apache.error-*" + ], + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.error-1.3.4" + } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.error-1.3.4" + "date_detection": false, + "properties": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false, + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "type": "wildcard" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { "ignore_above": 1024, "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "apache": { - "properties": { - "error": { - "properties": { - "module": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.error" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + } } + } } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "ip": { + "type": "ip" + } } - }, - "composed_of": [ - "logs-apache.error@settings", - "logs-apache.error@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "data_stream": { - "hidden": false + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "type": "wildcard" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "apache": { + "properties": { + "error": { + "properties": { + "module": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.error" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } } + } + }, + "composed_of": [ + "logs-apache.error@settings", + "logs-apache.error@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "data_stream": { + "hidden": false } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json index 6aefaa654..6ee90f181 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/index_templates/metrics-apache.status.json @@ -1,509 +1,509 @@ { - "name": "metrics-apache.status", - "index_template": { - "index_patterns": [ - "metrics-apache.status-*" + "name": "metrics-apache.status", + "index_template": { + "index_patterns": [ + "metrics-apache.status-*" + ], + "template": { + "settings": {}, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } ], - "template": { - "settings": {}, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false, + "date_detection": false, + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "apache": { - "properties": { - "status": { - "properties": { - "bytes_per_request": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "properties": { - "1": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "15": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "5": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "bytes_per_sec": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "total_bytes": { - "meta": { - "unit": "byte", - "metric_type": "counter" - }, - "type": "long" - }, - "cpu": { - "properties": { - "system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "total_accesses": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "scoreboard": { - "properties": { - "total": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keepalive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "idle_cleanup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "waiting_for_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "logging": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "gracefully_finishing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "open_slot": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "dns_lookup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "sending_reply": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "closing_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "starting_up": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "reading_request": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "workers": { - "properties": { - "idle": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "busy": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "connections": { - "properties": { - "async": { - "properties": { - "closing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "writing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keep_alive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "total": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - }, - "requests_per_sec": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "uptime": { - "properties": { - "server_uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - } - } - } - } + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "@timestamp": { + "type": "date" + }, + "apache": { + "properties": { + "status": { + "properties": { + "bytes_per_request": { + "meta": { + "metric_type": "gauge" }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "properties": { + "1": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "15": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "5": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "bytes_per_sec": { + "meta": { + "metric_type": "gauge" }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total_bytes": { + "meta": { + "unit": "byte", + "metric_type": "counter" }, - "service": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } + "type": "long" + }, + "cpu": { + "properties": { + "system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "total_accesses": { + "meta": { + "metric_type": "counter" }, - "host": { + "type": "long" + }, + "scoreboard": { + "properties": { + "total": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keepalive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "idle_cleanup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "waiting_for_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "logging": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "gracefully_finishing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "open_slot": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "dns_lookup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "sending_reply": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "closing_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "starting_up": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "reading_request": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "workers": { + "properties": { + "idle": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "busy": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "connections": { + "properties": { + "async": { "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" + "closing": { + "meta": { + "metric_type": "gauge" }, - "ip": { - "type": "ip" + "type": "long" + }, + "writing": { + "meta": { + "metric_type": "gauge" }, - "containerized": { - "type": "boolean" + "type": "long" + }, + "keep_alive": { + "meta": { + "metric_type": "gauge" }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.status" - } + "type": "long" + } } + }, + "total": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + }, + "requests_per_sec": { + "meta": { + "metric_type": "gauge" }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } + "scaling_factor": 1000, + "type": "scaled_float" + }, + "uptime": { + "properties": { + "server_uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } } + } } + } } - }, - "composed_of": [ - "metrics-apache.status@settings", - "metrics-apache.status@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "ingest-manager", - "managed": true - }, - "data_stream": { - "hidden": false + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "service": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.status" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + } } + } + }, + "composed_of": [ + "metrics-apache.status@settings", + "metrics-apache.status@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "ingest-manager", + "managed": true + }, + "data_stream": { + "hidden": false } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json index 73d074234..4fe60d4b4 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json @@ -1,88 +1,88 @@ { - "version": 1, - "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", - "processors": [ - { - "set": { - "description": "Add time when event was ingested.", - "field": "event.ingested", - "copy_from": "_ingest.timestamp" - } - }, - { - "script": { - "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", - "tag": "truncate-subseconds-event-ingested", - "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", - "ignore_failure": true - } - }, - { - "remove": { - "description": "Remove any pre-existing untrusted values.", - "field": [ - "event.agent_id_status", - "_security" - ], - "ignore_missing": true - } - }, - { - "set_security_user": { - "field": "_security", - "properties": [ - "authentication_type", - "username", - "realm", - "api_key" - ] - } - }, - { - "script": { - "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", - "tag": "agent-id-status", - "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", - "params": { - "trusted_users": [ - { - "username": "elastic/fleet-server", - "realm": "_service_account" - }, - { - "username": "cloud-internal-agent-server", - "realm": "found" - }, - { - "username": "elastic", - "realm": "reserved" - } - ] - } - } - }, - { - "remove": { - "field": "_security", - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "remove": { - "field": "_security", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "append": { - "field": "error.message", - "value": [ - "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" - ] + "version": 1, + "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", + "processors": [ + { + "set": { + "description": "Add time when event was ingested.", + "field": "event.ingested", + "copy_from": "_ingest.timestamp" + } + }, + { + "script": { + "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", + "tag": "truncate-subseconds-event-ingested", + "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", + "ignore_failure": true + } + }, + { + "remove": { + "description": "Remove any pre-existing untrusted values.", + "field": [ + "event.agent_id_status", + "_security" + ], + "ignore_missing": true + } + }, + { + "set_security_user": { + "field": "_security", + "properties": [ + "authentication_type", + "username", + "realm", + "api_key" + ] + } + }, + { + "script": { + "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", + "tag": "agent-id-status", + "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", + "params": { + "trusted_users": [ + { + "username": "elastic/fleet-server", + "realm": "_service_account" + }, + { + "username": "cloud-internal-agent-server", + "realm": "found" + }, + { + "username": "elastic", + "realm": "reserved" } + ] } - ] + } + }, + { + "remove": { + "field": "_security", + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "remove": { + "field": "_security", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "append": { + "field": "error.message", + "value": [ + "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" + ] + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json index 09cc15794..4f71b9360 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4-third-party.json @@ -1,67 +1,67 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json index ca802e200..e2e3a3816 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.4.json @@ -1,202 +1,202 @@ { - "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.access-1.3.4-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", - "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" - ], - "ignore_missing": true - } - }, - { - "uri_parts": { - "field": "_tmp.url_orig", - "ignore_failure": true - } - }, - { - "remove": { - "field": [ - "_tmp" - ], - "ignore_missing": true - } - }, - { - "set": { - "field": "url.domain", - "value": "{{destination.domain}}", - "if": "ctx.url?.domain == null \u0026\u0026 ctx.destination?.domain != null" - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "set": { - "field": "event.outcome", - "value": "success", - "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003c 400" - } - }, - { - "set": { - "field": "event.outcome", - "value": "failure", - "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003e 399" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "remove": { - "field": "event.created", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "rename": { - "field": "@timestamp", - "target_field": "event.created" - } - }, - { - "date": { - "field": "apache.access.time", - "target_field": "@timestamp", - "formats": [ - "dd/MMM/yyyy:H:m:s Z" - ], - "ignore_failure": true - } - }, - { - "remove": { - "field": "apache.access.time", - "ignore_failure": true - } - }, - { - "user_agent": { - "field": "user_agent.original", - "ignore_failure": true - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "set": { - "field": "tls.cipher", - "value": "{{apache.access.ssl.cipher}}", - "if": "ctx?.apache?.access?.ssl?.cipher != null" - } - }, - { - "script": { - "lang": "painless", - "if": "ctx?.apache?.access?.ssl?.protocol != null", - "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.access-1.3.4-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", + "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" + ], + "ignore_missing": true + } + }, + { + "uri_parts": { + "field": "_tmp.url_orig", + "ignore_failure": true + } + }, + { + "remove": { + "field": [ + "_tmp" + ], + "ignore_missing": true + } + }, + { + "set": { + "field": "url.domain", + "value": "{{destination.domain}}", + "if": "ctx.url?.domain == null && ctx.destination?.domain != null" + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "set": { + "field": "event.outcome", + "value": "success", + "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" + } + }, + { + "set": { + "field": "event.outcome", + "value": "failure", + "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "remove": { + "field": "event.created", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "rename": { + "field": "@timestamp", + "target_field": "event.created" + } + }, + { + "date": { + "field": "apache.access.time", + "target_field": "@timestamp", + "formats": [ + "dd/MMM/yyyy:H:m:s Z" + ], + "ignore_failure": true + } + }, + { + "remove": { + "field": "apache.access.time", + "ignore_failure": true + } + }, + { + "user_agent": { + "field": "user_agent.original", + "ignore_failure": true + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "set": { + "field": "tls.cipher", + "value": "{{apache.access.ssl.cipher}}", + "if": "ctx?.apache?.access?.ssl?.cipher != null" + } + }, + { + "script": { + "lang": "painless", + "if": "ctx?.apache?.access?.ssl?.protocol != null", + "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json index 09cc15794..4f71b9360 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4-third-party.json @@ -1,67 +1,67 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json index 300572b3a..abda1839b 100644 --- a/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json +++ b/internal/dump/testdata/elasticsearch-7-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.4.json @@ -1,190 +1,190 @@ { - "description": "Pipeline for parsing apache error logs", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.error-1.3.4-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" - ], - "pattern_definitions": { - "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", - "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" - }, - "ignore_missing": true - } - }, - { - "grok": { - "field": "message", - "patterns": [ - "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", - "File does not exist: %{URIPATH:file.path}" - ], - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "date": { - "if": "ctx.event.timezone == null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "date": { - "if": "ctx.event.timezone != null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "timezone": "{{ event.timezone }}", - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "remove": { - "field": "apache.error.timestamp", - "ignore_failure": true - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "script": { - "if": "ctx?.log?.level != null", - "lang": "painless", - "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "convert": { - "field": "source.port", - "type": "long", - "ignore_missing": true - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] + "description": "Pipeline for parsing apache error logs", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.error-1.3.4-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" + ], + "pattern_definitions": { + "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", + "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" + }, + "ignore_missing": true + } + }, + { + "grok": { + "field": "message", + "patterns": [ + "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", + "File does not exist: %{URIPATH:file.path}" + ], + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "date": { + "if": "ctx.event.timezone == null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "date": { + "if": "ctx.event.timezone != null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "timezone": "{{ event.timezone }}", + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "remove": { + "field": "apache.error.timestamp", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "script": { + "if": "ctx?.log?.level != null", + "lang": "painless", + "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "convert": { + "field": "source.port", + "type": "long", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json index 1ef11224d..d6283b3f2 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/.fleet_component_template-1.json @@ -1,32 +1,32 @@ { - "name": ".fleet_component_template-1", - "component_template": { - "template": { - "settings": { - "index": { - "final_pipeline": ".fleet_final_pipeline-1" - } - }, - "mappings": { - "properties": { - "event": { - "properties": { - "agent_id_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", - "type": "date" - } - } - } - } + "name": ".fleet_component_template-1", + "component_template": { + "template": { + "settings": { + "index": { + "final_pipeline": ".fleet_final_pipeline-1" + } + }, + "mappings": { + "properties": { + "event": { + "properties": { + "agent_id_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "ingested": { + "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", + "type": "date" + } } - }, - "_meta": { - "managed_by": "fleet", - "managed": true + } } + } + }, + "_meta": { + "managed_by": "fleet", + "managed": true } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json index 6059896fe..cc43b5320 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@custom.json @@ -1,15 +1,15 @@ { - "name": "logs-apache.access@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - } + "name": "logs-apache.access@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json index cd660d6eb..547e96d54 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.access@settings.json @@ -1,99 +1,99 @@ { - "name": "logs-apache.access@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "destination.domain", - "ecs.version", - "event.category", - "event.kind", - "event.outcome", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.domain", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "tls.cipher", - "tls.version", - "tls.version_protocol", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.name", - "user_agent.original", - "user_agent.original", - "user_agent.os.full", - "user_agent.os.name", - "user_agent.os.name", - "user_agent.os.version", - "user_agent.version", - "apache.access.ssl.protocol", - "apache.access.ssl.cipher" - ] - } - } + "name": "logs-apache.access@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "destination.domain", + "ecs.version", + "event.category", + "event.kind", + "event.outcome", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "tls.cipher", + "tls.version", + "tls.version_protocol", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.name", + "user_agent.original", + "user_agent.original", + "user_agent.os.full", + "user_agent.os.name", + "user_agent.os.name", + "user_agent.os.version", + "user_agent.version", + "apache.access.ssl.protocol", + "apache.access.ssl.cipher" + ] + } } + } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json index 044d8ed10..7297f02da 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@custom.json @@ -1,15 +1,15 @@ { - "name": "logs-apache.error@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - } + "name": "logs-apache.error@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json index a0863edaf..fcfcfd233 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/logs-apache.error@settings.json @@ -1,88 +1,88 @@ { - "name": "logs-apache.error@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "logs" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "input.type", - "tags", - "ecs.version", - "event.category", - "event.kind", - "event.timezone", - "event.type", - "file.path", - "http.request.method", - "http.request.referrer", - "http.version", - "log.file.path", - "log.level", - "source.address", - "source.as.organization.name", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.region_iso_code", - "source.geo.region_name", - "tags", - "url.domain", - "url.extension", - "url.query", - "user.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.original", - "user_agent.os.name", - "apache.error.module" - ] - } - } + "name": "logs-apache.error@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "logs" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "input.type", + "tags", + "ecs.version", + "event.category", + "event.kind", + "event.timezone", + "event.type", + "file.path", + "http.request.method", + "http.request.referrer", + "http.version", + "log.file.path", + "log.level", + "source.address", + "source.as.organization.name", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.region_iso_code", + "source.geo.region_name", + "tags", + "url.domain", + "url.extension", + "url.query", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.name", + "apache.error.module" + ] + } } + } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json index 66f11878e..cabce8463 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@custom.json @@ -1,15 +1,15 @@ { - "name": "metrics-apache.status@custom", - "component_template": { - "template": { - "settings": {} - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - } + "name": "metrics-apache.status@custom", + "component_template": { + "template": { + "settings": {} + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json index 9ead41b97..c878ce03f 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/component_templates/metrics-apache.status@settings.json @@ -1,60 +1,60 @@ { - "name": "metrics-apache.status@settings", - "component_template": { - "template": { - "settings": { - "index": { - "lifecycle": { - "name": "metrics" - }, - "codec": "best_compression", - "mapping": { - "total_fields": { - "limit": "10000" - } - }, - "query": { - "default_field": [ - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "cloud.project.id", - "cloud.image.id", - "container.id", - "container.image.name", - "container.name", - "host.architecture", - "host.domain", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.os.build", - "host.os.codename", - "ecs.version", - "service.address", - "service.type" - ] - } - } + "name": "metrics-apache.status@settings", + "component_template": { + "template": { + "settings": { + "index": { + "lifecycle": { + "name": "metrics" + }, + "codec": "best_compression", + "mapping": { + "total_fields": { + "limit": "10000" } - }, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true + }, + "query": { + "default_field": [ + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "cloud.project.id", + "cloud.image.id", + "container.id", + "container.image.name", + "container.name", + "host.architecture", + "host.domain", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.os.build", + "host.os.codename", + "ecs.version", + "service.address", + "service.type" + ] + } } + } + }, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json index 20d386bea..0260e14f6 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/logs.json @@ -1,45 +1,45 @@ { - "version": 1, - "modified_date": "2022-04-06T15:40:04.029Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } - } - } - }, - "_meta": { - "managed": true, - "description": "default policy for the logs index template installed by x-pack" + "version": 1, + "modified_date": "2022-04-06T15:40:04.029Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } } + } }, - "in_use_by": { - "indices": [], - "data_streams": [], - "composable_templates": [ - "logs-apache.access", - "logs-elastic_agent.apm_server", - "logs-system.security", - "logs-system.auth", - "logs-elastic_agent.metricbeat", - "logs-elastic_agent.filebeat", - "logs-elastic_agent.packetbeat", - "logs-elastic_agent.endpoint_security", - "logs-elastic_agent.fleet_server", - "logs-apache.error", - "logs-system.system", - "logs-system.application", - "logs-elastic_agent.osquerybeat", - "logs-elastic_agent.heartbeat", - "logs-system.syslog", - "logs-elastic_agent.auditbeat", - "logs", - "logs-elastic_agent" - ] + "_meta": { + "managed": true, + "description": "default policy for the logs index template installed by x-pack" } + }, + "in_use_by": { + "indices": [], + "data_streams": [], + "composable_templates": [ + "logs-apache.access", + "logs-elastic_agent.apm_server", + "logs-system.security", + "logs-system.auth", + "logs-elastic_agent.metricbeat", + "logs-elastic_agent.filebeat", + "logs-elastic_agent.packetbeat", + "logs-elastic_agent.endpoint_security", + "logs-elastic_agent.fleet_server", + "logs-apache.error", + "logs-system.system", + "logs-system.application", + "logs-elastic_agent.osquerybeat", + "logs-elastic_agent.heartbeat", + "logs-system.syslog", + "logs-elastic_agent.auditbeat", + "logs", + "logs-elastic_agent" + ] + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json index e99281b3a..aea99c4d5 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ilm_policies/metrics.json @@ -1,51 +1,51 @@ { - "version": 1, - "modified_date": "2022-04-06T15:40:04.332Z", - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_primary_shard_size": "50gb", - "max_age": "30d" - } - } - } - }, - "_meta": { - "managed": true, - "description": "default policy for the metrics index template installed by x-pack" + "version": 1, + "modified_date": "2022-04-06T15:40:04.332Z", + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": { + "rollover": { + "max_primary_shard_size": "50gb", + "max_age": "30d" + } } + } }, - "in_use_by": { - "indices": [], - "data_streams": [], - "composable_templates": [ - "metrics-system.process", - "metrics-elastic_agent.packetbeat", - "metrics-system.fsstat", - "metrics-elastic_agent.osquerybeat", - "metrics-elastic_agent.endpoint_security", - "metrics-elastic_agent.apm_server", - "metrics-system.memory", - "metrics-system.socket_summary", - "metrics-apache.status", - "metrics-elastic_agent.elastic_agent", - "metrics-elastic_agent.fleet_server", - "metrics-system.load", - "metrics-system.core", - "metrics-elastic_agent.filebeat", - "metrics-system.uptime", - "metrics-system.process.summary", - "metrics-system.cpu", - "metrics-elastic_agent.heartbeat", - "metrics-system.diskio", - "metrics-elastic_agent.metricbeat", - "metrics-elastic_agent.auditbeat", - "metrics-system.network", - "metrics-system.filesystem", - "metrics" - ] + "_meta": { + "managed": true, + "description": "default policy for the metrics index template installed by x-pack" } + }, + "in_use_by": { + "indices": [], + "data_streams": [], + "composable_templates": [ + "metrics-system.process", + "metrics-elastic_agent.packetbeat", + "metrics-system.fsstat", + "metrics-elastic_agent.osquerybeat", + "metrics-elastic_agent.endpoint_security", + "metrics-elastic_agent.apm_server", + "metrics-system.memory", + "metrics-system.socket_summary", + "metrics-apache.status", + "metrics-elastic_agent.elastic_agent", + "metrics-elastic_agent.fleet_server", + "metrics-system.load", + "metrics-system.core", + "metrics-elastic_agent.filebeat", + "metrics-system.uptime", + "metrics-system.process.summary", + "metrics-system.cpu", + "metrics-elastic_agent.heartbeat", + "metrics-system.diskio", + "metrics-elastic_agent.metricbeat", + "metrics-elastic_agent.auditbeat", + "metrics-system.network", + "metrics-system.filesystem", + "metrics" + ] + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json index 961c4dd23..219cff1e5 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.access.json @@ -1,545 +1,545 @@ { - "name": "logs-apache.access", - "index_template": { - "index_patterns": [ - "logs-apache.access-*" + "name": "logs-apache.access", + "index_template": { + "index_patterns": [ + "logs-apache.access-*" + ], + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.access-1.3.6" + } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.access-1.3.6" + "date_detection": false, + "properties": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } } - ], - "date_detection": false, + } + } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "wildcard", + "fields": {} + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "apache": { + "properties": { + "access": { "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "ignore_above": 1024, - "type": "wildcard", - "fields": {} - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { + "ssl": { + "properties": { + "cipher": { "ignore_above": 1024, "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "apache": { - "properties": { - "access": { - "properties": { - "ssl": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "created": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.access" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + } } + } } + } } - }, - "composed_of": [ - "logs-apache.access@settings", - "logs-apache.access@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tls": { + "properties": { + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "version_protocol": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "created": { + "type": "date" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.access" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } } + } + }, + "composed_of": [ + "logs-apache.access@settings", + "logs-apache.access@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json index 157425454..78912bfde 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/logs-apache.error.json @@ -1,500 +1,500 @@ { - "name": "logs-apache.error", - "index_template": { - "index_patterns": [ - "logs-apache.error-*" + "name": "logs-apache.error", + "index_template": { + "index_patterns": [ + "logs-apache.error-*" + ], + "template": { + "settings": { + "index": { + "default_pipeline": "logs-apache.error-1.3.6" + } + }, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } ], - "template": { - "settings": { - "index": { - "default_pipeline": "logs-apache.error-1.3.6" + "date_detection": false, + "properties": { + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } } - }, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false, + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "offset": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "geo": { + "properties": { + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "as": { "properties": { - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "offset": { - "type": "long" - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "geo": { - "properties": { - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - } - } - }, - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "ip": { - "type": "ip" - } - } - }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } - }, - "message": { - "type": "match_only_text" - }, - "url": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "ignore_above": 1024, - "type": "wildcard", - "fields": {} - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tags": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { "ignore_above": 1024, - "type": "keyword" - }, - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "@timestamp": { - "type": "date" - }, - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "apache": { - "properties": { - "error": { - "properties": { - "module": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } - }, - "host": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "containerized": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "status_code": { - "type": "long" - }, - "body": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.error" - } - } - }, - "user": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "user_agent": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - }, - "os": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": {} - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "type": "keyword", + "fields": {} + } } + } } + }, + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "ip": { + "type": "ip" + } } - }, - "composed_of": [ - "logs-apache.error@settings", - "logs-apache.error@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + }, + "message": { + "type": "match_only_text" + }, + "url": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "wildcard" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "wildcard", + "fields": {} + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "input": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "@timestamp": { + "type": "date" + }, + "file": { + "properties": { + "path": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "apache": { + "properties": { + "error": { + "properties": { + "module": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "status_code": { + "type": "long" + }, + "body": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.error" + } + } + }, + "user": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "user_agent": { + "properties": { + "original": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + }, + "os": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": {} + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } } + } + }, + "composed_of": [ + "logs-apache.error@settings", + "logs-apache.error@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json index 06ee21bd7..d35ade557 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/index_templates/metrics-apache.status.json @@ -1,510 +1,510 @@ { - "name": "metrics-apache.status", - "index_template": { - "index_patterns": [ - "metrics-apache.status-*" + "name": "metrics-apache.status", + "index_template": { + "index_patterns": [ + "metrics-apache.status-*" + ], + "template": { + "settings": {}, + "mappings": { + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } ], - "template": { - "settings": {}, - "mappings": { - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false, + "date_detection": false, + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { "properties": { - "cloud": { - "properties": { - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "container": { - "properties": { - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "type": "object" - } - } - }, - "@timestamp": { - "type": "date" - }, - "apache": { - "properties": { - "status": { - "properties": { - "bytes_per_request": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "properties": { - "1": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "15": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "5": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "bytes_per_sec": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "total_bytes": { - "meta": { - "unit": "byte", - "metric_type": "counter" - }, - "type": "long" - }, - "cpu": { - "properties": { - "system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "load": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_system": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "children_user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "user": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "total_accesses": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "scoreboard": { - "properties": { - "total": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keepalive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "idle_cleanup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "waiting_for_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "logging": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "gracefully_finishing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "open_slot": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "dns_lookup": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "sending_reply": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "closing_connection": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "starting_up": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "reading_request": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "workers": { - "properties": { - "idle": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "busy": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "connections": { - "properties": { - "async": { - "properties": { - "closing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "writing": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - }, - "keep_alive": { - "meta": { - "metric_type": "gauge" - }, - "type": "long" - } - } - }, - "total": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - }, - "requests_per_sec": { - "meta": { - "metric_type": "gauge" - }, - "scaling_factor": 1000, - "type": "scaled_float" - }, - "uptime": { - "properties": { - "server_uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - }, - "uptime": { - "meta": { - "metric_type": "counter" - }, - "type": "long" - } - } - } - } - } - } + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "instance": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + }, + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "container": { + "properties": { + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "labels": { + "type": "object" + } + } + }, + "@timestamp": { + "type": "date" + }, + "apache": { + "properties": { + "status": { + "properties": { + "bytes_per_request": { + "meta": { + "metric_type": "gauge" }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "properties": { + "1": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "15": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "5": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "bytes_per_sec": { + "meta": { + "metric_type": "gauge" }, - "data_stream": { - "properties": { - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - }, - "dataset": { - "type": "constant_keyword" - } - } + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total_bytes": { + "meta": { + "unit": "byte", + "metric_type": "counter" }, - "service": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } + "type": "long" + }, + "cpu": { + "properties": { + "system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_system": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user": { + "meta": { + "metric_type": "gauge" + }, + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "total_accesses": { + "meta": { + "metric_type": "counter" }, - "host": { + "type": "long" + }, + "scoreboard": { + "properties": { + "total": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "keepalive": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "idle_cleanup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "waiting_for_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "logging": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "gracefully_finishing": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "open_slot": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "dns_lookup": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "sending_reply": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "closing_connection": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "starting_up": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "reading_request": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "workers": { + "properties": { + "idle": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + }, + "busy": { + "meta": { + "metric_type": "gauge" + }, + "type": "long" + } + } + }, + "connections": { + "properties": { + "async": { "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text" - } - } - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" + "closing": { + "meta": { + "metric_type": "gauge" }, - "ip": { - "type": "ip" + "type": "long" + }, + "writing": { + "meta": { + "metric_type": "gauge" }, - "containerized": { - "type": "boolean" + "type": "long" + }, + "keep_alive": { + "meta": { + "metric_type": "gauge" }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "architecture": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "module": { - "type": "constant_keyword", - "value": "apache" - }, - "dataset": { - "type": "constant_keyword", - "value": "apache.status" - } + "type": "long" + } } + }, + "total": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } + } + }, + "requests_per_sec": { + "meta": { + "metric_type": "gauge" }, - "error": { - "properties": { - "message": { - "type": "match_only_text" - } - } + "scaling_factor": 1000, + "type": "scaled_float" + }, + "uptime": { + "properties": { + "server_uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + }, + "uptime": { + "meta": { + "metric_type": "counter" + }, + "type": "long" + } } + } } + } } - }, - "composed_of": [ - "metrics-apache.status@settings", - "metrics-apache.status@custom", - ".fleet_component_template-1" - ], - "priority": 200, - "_meta": { - "package": { - "name": "apache" - }, - "managed_by": "fleet", - "managed": true - }, - "data_stream": { - "hidden": false, - "allow_custom_routing": false + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "data_stream": { + "properties": { + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + }, + "dataset": { + "type": "constant_keyword" + } + } + }, + "service": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "text": { + "type": "text" + } + } + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "containerized": { + "type": "boolean" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "architecture": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "module": { + "type": "constant_keyword", + "value": "apache" + }, + "dataset": { + "type": "constant_keyword", + "value": "apache.status" + } + } + }, + "error": { + "properties": { + "message": { + "type": "match_only_text" + } + } + } } + } + }, + "composed_of": [ + "metrics-apache.status@settings", + "metrics-apache.status@custom", + ".fleet_component_template-1" + ], + "priority": 200, + "_meta": { + "package": { + "name": "apache" + }, + "managed_by": "fleet", + "managed": true + }, + "data_stream": { + "hidden": false, + "allow_custom_routing": false } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json index 8fb8c1732..ff7d6617e 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/.fleet_final_pipeline-1.json @@ -1,92 +1,92 @@ { - "version": 2, - "_meta": { - "managed_by": "fleet", - "managed": true + "version": 2, + "_meta": { + "managed_by": "fleet", + "managed": true + }, + "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", + "processors": [ + { + "set": { + "description": "Add time when event was ingested.", + "field": "event.ingested", + "copy_from": "_ingest.timestamp" + } }, - "description": "Final pipeline for processing all incoming Fleet Agent documents.\n", - "processors": [ - { - "set": { - "description": "Add time when event was ingested.", - "field": "event.ingested", - "copy_from": "_ingest.timestamp" - } - }, - { - "script": { - "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", - "tag": "truncate-subseconds-event-ingested", - "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", - "ignore_failure": true - } - }, - { - "remove": { - "description": "Remove any pre-existing untrusted values.", - "field": [ - "event.agent_id_status", - "_security" - ], - "ignore_missing": true - } - }, - { - "set_security_user": { - "field": "_security", - "properties": [ - "authentication_type", - "username", - "realm", - "api_key" - ] - } - }, - { - "script": { - "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", - "tag": "agent-id-status", - "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", - "params": { - "trusted_users": [ - { - "username": "elastic/fleet-server", - "realm": "_service_account" - }, - { - "username": "cloud-internal-agent-server", - "realm": "found" - }, - { - "username": "elastic", - "realm": "reserved" - } - ] - } - } - }, - { - "remove": { - "field": "_security", - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "remove": { - "field": "_security", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "append": { - "field": "error.message", - "value": [ - "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" - ] + { + "script": { + "description": "Remove sub-seconds from event.ingested to improve storage efficiency.", + "tag": "truncate-subseconds-event-ingested", + "source": "ctx.event.ingested = ctx.event.ingested.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);", + "ignore_failure": true + } + }, + { + "remove": { + "description": "Remove any pre-existing untrusted values.", + "field": [ + "event.agent_id_status", + "_security" + ], + "ignore_missing": true + } + }, + { + "set_security_user": { + "field": "_security", + "properties": [ + "authentication_type", + "username", + "realm", + "api_key" + ] + } + }, + { + "script": { + "description": "Add event.agent_id_status based on the API key metadata and the agent.id contained in the event.\n", + "tag": "agent-id-status", + "source": "boolean is_user_trusted(def ctx, def users) {\n if (ctx?._security?.username == null) {\n return false;\n }\n\n def user = null;\n for (def item : users) {\n if (item?.username == ctx._security.username) {\n user = item;\n break;\n }\n }\n\n if (user == null || user?.realm == null || ctx?._security?.realm?.name == null) {\n return false;\n }\n\n if (ctx._security.realm.name != user.realm) {\n return false;\n }\n\n return true;\n}\n\nString verified(def ctx, def params) {\n // No agent.id field to validate.\n if (ctx?.agent?.id == null) {\n return \"missing\";\n }\n\n // Check auth metadata from API key.\n if (ctx?._security?.authentication_type == null\n // Agents only use API keys.\n || ctx._security.authentication_type != 'API_KEY'\n // Verify the API key owner before trusting any metadata it contains.\n || !is_user_trusted(ctx, params.trusted_users)\n // Verify the API key has metadata indicating the assigned agent ID.\n || ctx?._security?.api_key?.metadata?.agent_id == null) {\n return \"auth_metadata_missing\";\n }\n\n // The API key can only be used represent the agent.id it was issued to.\n if (ctx._security.api_key.metadata.agent_id != ctx.agent.id) {\n // Potential masquerade attempt.\n return \"mismatch\";\n }\n\n return \"verified\";\n}\n\nif (ctx?.event == null) {\n ctx.event = [:];\n}\n\nctx.event.agent_id_status = verified(ctx, params);", + "params": { + "trusted_users": [ + { + "username": "elastic/fleet-server", + "realm": "_service_account" + }, + { + "username": "cloud-internal-agent-server", + "realm": "found" + }, + { + "username": "elastic", + "realm": "reserved" } + ] } - ] + } + }, + { + "remove": { + "field": "_security", + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "remove": { + "field": "_security", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "append": { + "field": "error.message", + "value": [ + "failed in Fleet agent final_pipeline: {{ _ingest.on_failure_message }}" + ] + } + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json index ff2578ba8..6e0001119 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6-third-party.json @@ -1,74 +1,74 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json index 37cd308c7..4faa9950f 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.access-1.3.6.json @@ -1,209 +1,209 @@ { - "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.access-1.3.6-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", - "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", - "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" - ], - "ignore_missing": true - } - }, - { - "uri_parts": { - "field": "_tmp.url_orig", - "ignore_failure": true - } - }, - { - "remove": { - "field": [ - "_tmp" - ], - "ignore_missing": true - } - }, - { - "set": { - "field": "url.domain", - "value": "{{destination.domain}}", - "if": "ctx.url?.domain == null \u0026\u0026 ctx.destination?.domain != null" - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "set": { - "field": "event.outcome", - "value": "success", - "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003c 400" - } - }, - { - "set": { - "field": "event.outcome", - "value": "failure", - "if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003e 399" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "remove": { - "field": "event.created", - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "rename": { - "field": "@timestamp", - "target_field": "event.created" - } - }, - { - "date": { - "field": "apache.access.time", - "target_field": "@timestamp", - "formats": [ - "dd/MMM/yyyy:H:m:s Z" - ], - "ignore_failure": true - } - }, - { - "remove": { - "field": "apache.access.time", - "ignore_failure": true - } - }, - { - "user_agent": { - "field": "user_agent.original", - "ignore_failure": true - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "set": { - "field": "tls.cipher", - "value": "{{apache.access.ssl.cipher}}", - "if": "ctx?.apache?.access?.ssl?.cipher != null" - } - }, - { - "script": { - "lang": "painless", - "if": "ctx?.apache?.access?.ssl?.protocol != null", - "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } + "description": "Pipeline for parsing Apache HTTP Server access logs. Requires the geoip and user_agent plugins.", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.access-1.3.6-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "%{IPORHOST:destination.domain} %{IPORHOST:source.ip} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"(?:%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}|-)?\" %{NUMBER:http.response.status_code:long} (?:%{NUMBER:http.response.body.bytes:long}|-)( \"%{DATA:http.request.referrer}\")?( \"%{DATA:user_agent.original}\")?", + "%{IPORHOST:source.address} - %{DATA:user.name} \\[%{HTTPDATE:apache.access.time}\\] \"-\" %{NUMBER:http.response.status_code:long} -", + "\\[%{HTTPDATE:apache.access.time}\\] %{IPORHOST:source.address} %{DATA:apache.access.ssl.protocol} %{DATA:apache.access.ssl.cipher} \"%{WORD:http.request.method} %{DATA:_tmp.url_orig} HTTP/%{NUMBER:http.version}\" (-|%{NUMBER:http.response.body.bytes:long})" + ], + "ignore_missing": true + } + }, + { + "uri_parts": { + "field": "_tmp.url_orig", + "ignore_failure": true + } + }, + { + "remove": { + "field": [ + "_tmp" + ], + "ignore_missing": true + } + }, + { + "set": { + "field": "url.domain", + "value": "{{destination.domain}}", + "if": "ctx.url?.domain == null && ctx.destination?.domain != null" + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "set": { + "field": "event.outcome", + "value": "success", + "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400" + } + }, + { + "set": { + "field": "event.outcome", + "value": "failure", + "if": "ctx?.http?.response?.status_code != null && ctx.http.response.status_code > 399" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "remove": { + "field": "event.created", + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "rename": { + "field": "@timestamp", + "target_field": "event.created" + } + }, + { + "date": { + "field": "apache.access.time", + "target_field": "@timestamp", + "formats": [ + "dd/MMM/yyyy:H:m:s Z" + ], + "ignore_failure": true + } + }, + { + "remove": { + "field": "apache.access.time", + "ignore_failure": true + } + }, + { + "user_agent": { + "field": "user_agent.original", + "ignore_failure": true + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "set": { + "field": "tls.cipher", + "value": "{{apache.access.ssl.cipher}}", + "if": "ctx?.apache?.access?.ssl?.cipher != null" + } + }, + { + "script": { + "lang": "painless", + "if": "ctx?.apache?.access?.ssl?.protocol != null", + "source": "def parts = ctx.apache.access.ssl.protocol.toLowerCase().splitOnToken(\"v\"); if (parts.length != 2) {\n return;\n} if (parts[1].contains(\".\")) {\n ctx.tls.version = parts[1];\n} else {\n ctx.tls.version = parts[1] + \".0\";\n} ctx.tls.version_protocol = parts[0];" + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json index ff2578ba8..6e0001119 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6-third-party.json @@ -1,74 +1,74 @@ { - "description": "Pipeline for parsing Apache HTTP Server logs from third party api", - "processors": [ - { - "json": { - "field": "message", - "target_field": "json" - } - }, - { - "drop": { - "if": "ctx.json?.result == null" - } - }, - { - "fingerprint": { - "fields": [ - "json.result._cd", - "json.result._indextime", - "json.result._raw", - "json.result._time", - "json.result.host", - "json.result.source" - ], - "target_field": "_id", - "ignore_missing": true - } - }, - { - "set": { - "copy_from": "json.result._raw", - "field": "message", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.host", - "field": "host.name", - "ignore_empty_value": true - } - }, - { - "set": { - "copy_from": "json.result.source", - "field": "file.path", - "ignore_empty_value": true - } - }, - { - "remove": { - "field": [ - "json" - ], - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } + "description": "Pipeline for parsing Apache HTTP Server logs from third party api", + "processors": [ + { + "json": { + "field": "message", + "target_field": "json" + } + }, + { + "drop": { + "if": "ctx.json?.result == null" + } + }, + { + "fingerprint": { + "fields": [ + "json.result._cd", + "json.result._indextime", + "json.result._raw", + "json.result._time", + "json.result.host", + "json.result.source" + ], + "target_field": "_id", + "ignore_missing": true + } + }, + { + "set": { + "copy_from": "json.result._raw", + "field": "message", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.host", + "field": "host.name", + "ignore_empty_value": true + } + }, + { + "set": { + "copy_from": "json.result.source", + "field": "file.path", + "ignore_empty_value": true + } + }, + { + "remove": { + "field": [ + "json" + ], + "ignore_missing": true + } } + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "error in third-party pipeline: error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}} with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}} {{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" + } + } } \ No newline at end of file diff --git a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json index 2a9e3a63f..979cb41ed 100644 --- a/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json +++ b/internal/dump/testdata/elasticsearch-8-apache-dump-all/ingest_pipelines/logs-apache.error-1.3.6.json @@ -1,197 +1,197 @@ { - "description": "Pipeline for parsing apache error logs", - "processors": [ - { - "pipeline": { - "if": "ctx.message.startsWith('{')", - "name": "logs-apache.error-1.3.6-third-party" - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}" - } - }, - { - "set": { - "field": "ecs.version", - "value": "1.12.0" - } - }, - { - "rename": { - "field": "message", - "target_field": "event.original" - } - }, - { - "grok": { - "field": "event.original", - "patterns": [ - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", - "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" - ], - "pattern_definitions": { - "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", - "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" - }, - "ignore_missing": true - } - }, - { - "grok": { - "field": "message", - "patterns": [ - "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", - "File does not exist: %{URIPATH:file.path}" - ], - "ignore_missing": true, - "ignore_failure": true - } - }, - { - "date": { - "if": "ctx.event.timezone == null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "date": { - "if": "ctx.event.timezone != null", - "field": "apache.error.timestamp", - "target_field": "@timestamp", - "formats": [ - "EEE MMM dd H:m:s yyyy", - "EEE MMM dd H:m:s.SSSSSS yyyy" - ], - "timezone": "{{ event.timezone }}", - "on_failure": [ - { - "append": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ] - } - }, - { - "remove": { - "field": "apache.error.timestamp", - "ignore_failure": true - } - }, - { - "set": { - "field": "event.kind", - "value": "event" - } - }, - { - "set": { - "field": "event.category", - "value": "web" - } - }, - { - "script": { - "if": "ctx?.log?.level != null", - "lang": "painless", - "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" - } - }, - { - "grok": { - "field": "source.address", - "ignore_missing": true, - "patterns": [ - "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" - ] - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "database_file": "GeoLite2-ASN.mmdb", - "field": "source.ip", - "target_field": "source.as", - "properties": [ - "asn", - "organization_name" - ], - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.asn", - "target_field": "source.as.number", - "ignore_missing": true - } - }, - { - "rename": { - "field": "source.as.organization_name", - "target_field": "source.as.organization.name", - "ignore_missing": true - } - }, - { - "convert": { - "field": "source.port", - "type": "long", - "ignore_missing": true - } - }, - { - "script": { - "lang": "painless", - "description": "This script processor iterates over the whole document to remove fields with null values.", - "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -\u003e v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" - } - }, - { - "remove": { - "field": "event.original", - "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", - "ignore_failure": true, - "ignore_missing": true - } - } - ], - "on_failure": [ - { - "set": { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}" - } - } - ], - "_meta": { - "managed_by": "fleet", - "managed": true, - "package": { - "name": "apache" - } + "description": "Pipeline for parsing apache error logs", + "processors": [ + { + "pipeline": { + "if": "ctx.message.startsWith('{')", + "name": "logs-apache.error-1.3.6-third-party" + } + }, + { + "set": { + "field": "event.ingested", + "value": "{{_ingest.timestamp}}" + } + }, + { + "set": { + "field": "ecs.version", + "value": "1.12.0" + } + }, + { + "rename": { + "field": "message", + "target_field": "event.original" + } + }, + { + "grok": { + "field": "event.original", + "patterns": [ + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{LOGLEVEL:log.level}\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}", + "\\[%{APACHE_TIME:apache.error.timestamp}\\] \\[%{DATA:apache.error.module}:%{APACHE_LOGLEVEL:log.level}\\] \\[pid %{NUMBER:process.pid:long}(:tid %{NUMBER:process.thread.id:long})?\\]( \\[client %{IPORHOST:source.address}(:%{POSINT:source.port})?\\])? %{GREEDYDATA:message}" + ], + "pattern_definitions": { + "APACHE_LOGLEVEL": "%{LOGLEVEL}[0-9]*", + "APACHE_TIME": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" + }, + "ignore_missing": true + } + }, + { + "grok": { + "field": "message", + "patterns": [ + "File does not exist: %{URIPATH:file.path}, referer: %{URI:http.request.referrer}", + "File does not exist: %{URIPATH:file.path}" + ], + "ignore_missing": true, + "ignore_failure": true + } + }, + { + "date": { + "if": "ctx.event.timezone == null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "date": { + "if": "ctx.event.timezone != null", + "field": "apache.error.timestamp", + "target_field": "@timestamp", + "formats": [ + "EEE MMM dd H:m:s yyyy", + "EEE MMM dd H:m:s.SSSSSS yyyy" + ], + "timezone": "{{ event.timezone }}", + "on_failure": [ + { + "append": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ] + } + }, + { + "remove": { + "field": "apache.error.timestamp", + "ignore_failure": true + } + }, + { + "set": { + "field": "event.kind", + "value": "event" + } + }, + { + "set": { + "field": "event.category", + "value": "web" + } + }, + { + "script": { + "if": "ctx?.log?.level != null", + "lang": "painless", + "source": "def err_levels = [\"emerg\", \"alert\", \"crit\", \"error\", \"warn\"]; if (err_levels.contains(ctx.log.level)) {\n ctx.event.type = \"error\";\n} else {\n ctx.event.type = \"info\";\n}" + } + }, + { + "grok": { + "field": "source.address", + "ignore_missing": true, + "patterns": [ + "^(%{IP:source.ip}|%{HOSTNAME:source.domain})$" + ] + } + }, + { + "geoip": { + "field": "source.ip", + "target_field": "source.geo", + "ignore_missing": true + } + }, + { + "geoip": { + "database_file": "GeoLite2-ASN.mmdb", + "field": "source.ip", + "target_field": "source.as", + "properties": [ + "asn", + "organization_name" + ], + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.asn", + "target_field": "source.as.number", + "ignore_missing": true + } + }, + { + "rename": { + "field": "source.as.organization_name", + "target_field": "source.as.organization.name", + "ignore_missing": true + } + }, + { + "convert": { + "field": "source.port", + "type": "long", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "description": "This script processor iterates over the whole document to remove fields with null values.", + "source": "void handleMap(Map map) {\n for (def x : map.values()) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n map.values().removeIf(v -> v == null);\n}\nvoid handleList(List list) {\n for (def x : list) {\n if (x instanceof Map) {\n handleMap(x);\n } else if (x instanceof List) {\n handleList(x);\n }\n }\n}\nhandleMap(ctx);\n" + } + }, + { + "remove": { + "field": "event.original", + "if": "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))", + "ignore_failure": true, + "ignore_missing": true + } + } + ], + "on_failure": [ + { + "set": { + "field": "error.message", + "value": "{{ _ingest.on_failure_message }}" + } + } + ], + "_meta": { + "managed_by": "fleet", + "managed": true, + "package": { + "name": "apache" } + } } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json index 09dba2f7d..e76912f49 100644 --- a/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json +++ b/internal/dump/testdata/fleet-7-dump/agentpolicy/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -1,77 +1,77 @@ { - "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Default Fleet Server policy", - "description": "Default Fleet Server agent policy created by Kibana", - "is_default": false, - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:19:42.793Z", - "updated_by": "system", - "package_policies": [ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "default-fleet-server-agent-policy", - "version": "WzYxOSwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" }, - "enabled": true, - "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" - }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T19:19:41.976Z", - "created_by": "system", - "updated_at": "2022-06-27T19:19:41.976Z", - "updated_by": "system" + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } } - ] + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json index c04f04d89..006683e24 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/2016d7cc-135e-5583-9758-3ba01f5a06e5.json @@ -1,676 +1,676 @@ { - "id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Default policy", - "description": "Default agent policy created by Kibana", - "is_default": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:19:39.755Z", - "updated_by": "system", - "package_policies": [ + "id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:39.755Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-system-policy", + "version": "WzYxNywxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "default-system-policy", - "version": "WzYxNywxXQ==", - "name": "system-1", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system-policy", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system-policy", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system-policy", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } }, - "enabled": true, - "policy_id": "2016d7cc-135e-5583-9758-3ba01f5a06e5", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-default-system-policy", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-default-system-policy", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-default-system-policy", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-default-system-policy", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-default-system-policy", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-default-system-policy" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-default-system-policy", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-default-system-policy", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-default-system-policy", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-default-system-policy", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-default-system-policy", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-default-system-policy", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-default-system-policy", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-default-system-policy", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-default-system-policy", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-default-system-policy", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-default-system-policy", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system-policy", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system-policy" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system-policy", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system-policy", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system-policy", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-default-system-policy" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-default-system-policy" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-default-system-policy" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system-policy", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system-policy", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system-policy", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system-policy", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" } - ], - "revision": 1, - "created_at": "2022-06-27T19:19:38.837Z", - "created_by": "system", - "updated_at": "2022-06-27T19:19:38.837Z", - "updated_by": "system" + }, + "id": "system/metrics-system.socket_summary-default-system-policy", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system-policy", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system-policy" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system-policy" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } } - ], - "agents": 1 + ], + "revision": 1, + "created_at": "2022-06-27T19:19:38.837Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:38.837Z", + "updated_by": "system" + } + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json index 7554f3180..8a268d4b8 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/499b5aa7-d214-5b5d-838b-3cd76469844e.json @@ -1,78 +1,78 @@ { - "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Default Fleet Server policy", - "description": "Default Fleet Server agent policy created by Kibana", - "is_default": false, - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:19:42.793Z", - "updated_by": "system", - "package_policies": [ + "id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:19:42.793Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server-agent-policy", + "version": "WzYxOSwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "default-fleet-server-agent-policy", - "version": "WzYxOSwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" }, - "enabled": true, - "policy_id": "499b5aa7-d214-5b5d-838b-3cd76469844e", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" - }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T19:19:41.976Z", - "created_by": "system", - "updated_at": "2022-06-27T19:19:41.976Z", - "updated_by": "system" + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } } - ], - "agents": 1 + ], + "revision": 1, + "created_at": "2022-06-27T19:19:41.976Z", + "created_by": "system", + "updated_at": "2022-06-27T19:19:41.976Z", + "updated_by": "system" + } + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json index 8aff8089b..9dfdad45e 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:24:39.501Z", - "updated_by": "elastic", - "package_policies": [ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", - "version": "Wzg4OSwxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T19:24:09.017Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:09.017Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "version": "Wzk5NSwxXQ==", - "name": "nginx-http-servers-test", - "description": "", - "namespace": "default", - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } }, - "revision": 1, - "created_at": "2022-06-27T19:24:38.498Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:38.498Z", - "updated_by": "elastic" + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" + }, + { + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json index 0e77a8d21..3accc582b 100644 --- a/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/all/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:26:16.891Z", - "updated_by": "elastic", - "package_policies": [ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", - "version": "WzEyNTcsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T19:25:42.095Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:25:42.095Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "c864461b-b8d3-48e0-b477-7954434078b5", - "version": "WzE1MTgsMV0=", - "name": "nginx-load-balancers-testt", - "description": "", - "namespace": "default", - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } }, - "revision": 1, - "created_at": "2022-06-27T19:26:16.169Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:26:16.169Z", - "updated_by": "elastic" + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" + }, + { + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json index 8aff8089b..9dfdad45e 100644 --- a/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/b57023b0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:24:39.501Z", - "updated_by": "elastic", - "package_policies": [ + "id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:24:39.501Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", + "version": "Wzg4OSwxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "7a0e17cf-e39e-4846-911d-c1e4322ff358", - "version": "Wzg4OSwxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T19:24:09.017Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:09.017Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "version": "Wzk5NSwxXQ==", - "name": "nginx-http-servers-test", - "description": "", - "namespace": "default", - "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" + }, + "id": "system/metrics-system.process-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } }, - "revision": 1, - "created_at": "2022-06-27T19:24:38.498Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:24:38.498Z", - "updated_by": "elastic" + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-7a0e17cf-e39e-4846-911d-c1e4322ff358", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-7a0e17cf-e39e-4846-911d-c1e4322ff358" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-7a0e17cf-e39e-4846-911d-c1e4322ff358" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:24:09.017Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:09.017Z", + "updated_by": "elastic" + }, + { + "id": "95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "version": "Wzk5NSwxXQ==", + "name": "nginx-http-servers-test", + "description": "", + "namespace": "default", + "policy_id": "b57023b0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-95aa181b-0ab8-4ce0-ac0a-c5e3f629c1f4", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:24:38.498Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:24:38.498Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json index 0e77a8d21..3accc582b 100644 --- a/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json +++ b/internal/dump/testdata/fleet-7-dump/package/agent_policies/edf437d0-f64e-11ec-acb0-0b2e9206fdb0.json @@ -1,931 +1,931 @@ { - "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T19:26:16.891Z", - "updated_by": "elastic", - "package_policies": [ + "id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T19:26:16.891Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", + "version": "WzEyNTcsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.11.0" + }, + "enabled": true, + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "0483a039-2f91-4d47-b43c-4623cadd5f27", - "version": "WzEyNTcsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.11.0" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T19:25:42.095Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:25:42.095Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "c864461b-b8d3-48e0-b477-7954434078b5", - "version": "WzE1MTgsMV0=", - "name": "nginx-load-balancers-testt", - "description": "", - "namespace": "default", - "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", - "enabled": true, - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" } - ], - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.3.2" + }, + "id": "system/metrics-system.process-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } }, - "revision": 1, - "created_at": "2022-06-27T19:26:16.169Z", - "created_by": "elastic", - "updated_at": "2022-06-27T19:26:16.169Z", - "updated_by": "elastic" + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-0483a039-2f91-4d47-b43c-4623cadd5f27", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-0483a039-2f91-4d47-b43c-4623cadd5f27" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-0483a039-2f91-4d47-b43c-4623cadd5f27" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T19:25:42.095Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:25:42.095Z", + "updated_by": "elastic" + }, + { + "id": "c864461b-b8d3-48e0-b477-7954434078b5", + "version": "WzE1MTgsMV0=", + "name": "nginx-load-balancers-testt", + "description": "", + "namespace": "default", + "policy_id": "edf437d0-f64e-11ec-acb0-0b2e9206fdb0", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-c864461b-b8d3-48e0-b477-7954434078b5" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-c864461b-b8d3-48e0-b477-7954434078b5" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" + } + }, + "id": "nginx/metrics-nginx.stubstatus-c864461b-b8d3-48e0-b477-7954434078b5", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.3.2" + }, + "revision": 1, + "created_at": "2022-06-27T19:26:16.169Z", + "created_by": "elastic", + "updated_at": "2022-06-27T19:26:16.169Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json index 8898d1740..3f56889e7 100644 --- a/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json +++ b/internal/dump/testdata/fleet-8-dump/agentpolicy/agent_policies/fleet-server-policy.json @@ -1,75 +1,75 @@ { - "id": "fleet-server-policy", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Fleet Server (elastic-package)", - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:31:03.382Z", - "updated_by": "system", - "package_policies": [ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "default-fleet-server", - "version": "WzYyNCwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" }, - "enabled": true, - "policy_id": "fleet-server-policy", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" - }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T15:31:03.351Z", - "created_by": "system", - "updated_at": "2022-06-27T15:31:03.351Z", - "updated_by": "system" + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } } - ] + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" + } + ] } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json index a0da2715c..d2d31e1da 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:05.252Z", - "updated_by": "elastic", - "package_policies": [ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "version": "WzkyMywxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T15:32:53.484Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:32:53.484Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", - "version": "WzEwMjIsMV0=", - "name": "nginx-http-servers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" + }, + { + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:04.248Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:04.248Z", - "updated_by": "elastic" + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json index 77939ff53..60cbdaa91 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:59.587Z", - "updated_by": "elastic", - "package_policies": [ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "a09f2609-9e8b-4b48-998f-ce99340da027", - "version": "WzEzMjAsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:55.519Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:55.519Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", - "version": "WzEzMjIsMV0=", - "name": "nginx-load-balancers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" + }, + { + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:58.606Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:58.606Z", - "updated_by": "elastic" + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json index ea538c51c..ca549c5ee 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/elastic-agent-managed-ep.json @@ -1,675 +1,675 @@ { - "id": "elastic-agent-managed-ep", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Elastic-Agent (elastic-package)", - "is_default": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:31:01.360Z", - "updated_by": "system", - "package_policies": [ + "id": "elastic-agent-managed-ep", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Elastic-Agent (elastic-package)", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:01.360Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-system", + "version": "WzYyMiwxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "elastic-agent-managed-ep", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "default-system", - "version": "WzYyMiwxXQ==", - "name": "system-1", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-default-system", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-default-system", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-default-system", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-default-system", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } }, - "enabled": true, - "policy_id": "elastic-agent-managed-ep", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-default-system", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-default-system", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-default-system", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-default-system", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-default-system", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-default-system" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-default-system", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-default-system", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-default-system", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-default-system", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-default-system", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-default-system", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-default-system", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-default-system", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-default-system", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-default-system", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-default-system", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.system-default-system", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-default-system" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-default-system", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-default-system", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-default-system", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-default-system" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-default-system" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-default-system" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-default-system", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-default-system", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-default-system", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-default-system", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-default-system", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-default-system", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" } - ], - "revision": 1, - "created_at": "2022-06-27T15:31:00.403Z", - "created_by": "system", - "updated_at": "2022-06-27T15:31:00.403Z", - "updated_by": "system" + }, + "id": "system/metrics-system.socket_summary-default-system", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-default-system", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-default-system" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-default-system" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } } - ], - "agents": 1 + ], + "revision": 1, + "created_at": "2022-06-27T15:31:00.403Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:00.403Z", + "updated_by": "system" + } + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json index 8194f81c2..c9dcf5bcd 100644 --- a/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json +++ b/internal/dump/testdata/fleet-8-dump/all/agent_policies/fleet-server-policy.json @@ -1,76 +1,76 @@ { - "id": "fleet-server-policy", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "name": "Fleet Server (elastic-package)", - "is_default_fleet_server": true, - "is_preconfigured": true, - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:31:03.382Z", - "updated_by": "system", - "package_policies": [ + "id": "fleet-server-policy", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Fleet Server (elastic-package)", + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:31:03.382Z", + "updated_by": "system", + "package_policies": [ + { + "id": "default-fleet-server", + "version": "WzYyNCwxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.2.0" + }, + "enabled": true, + "policy_id": "fleet-server-policy", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "default-fleet-server", - "version": "WzYyNCwxXQ==", - "name": "fleet_server-1", - "namespace": "default", - "package": { - "name": "fleet_server", - "title": "Fleet Server", - "version": "1.2.0" + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" }, - "enabled": true, - "policy_id": "fleet-server-policy", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "fleet-server", - "policy_template": "fleet_server", - "enabled": true, - "streams": [], - "vars": { - "host": { - "value": [ - "0.0.0.0" - ], - "type": "text" - }, - "port": { - "value": [ - 8220 - ], - "type": "integer" - }, - "max_agents": { - "type": "integer" - }, - "max_connections": { - "type": "integer" - }, - "custom": { - "value": "", - "type": "yaml" - } - }, - "compiled_input": { - "server": { - "port": 8220, - "host": "0.0.0.0" - } - } - } - ], - "revision": 1, - "created_at": "2022-06-27T15:31:03.351Z", - "created_by": "system", - "updated_at": "2022-06-27T15:31:03.351Z", - "updated_by": "system" + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_agents": { + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } } - ], - "agents": 1 + ], + "revision": 1, + "created_at": "2022-06-27T15:31:03.351Z", + "created_by": "system", + "updated_at": "2022-06-27T15:31:03.351Z", + "updated_by": "system" + } + ], + "agents": 1 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json index a0da2715c..d2d31e1da 100644 --- a/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "HTTP servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:05.252Z", - "updated_by": "elastic", - "package_policies": [ + "id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "HTTP servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:05.252Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "version": "WzkyMywxXQ==", + "name": "system-2", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "version": "WzkyMywxXQ==", - "name": "system-2", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T15:32:53.484Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:32:53.484Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", - "version": "WzEwMjIsMV0=", - "name": "nginx-http-servers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80" }, - "enabled": true, - "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:32:53.484Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:32:53.484Z", + "updated_by": "elastic" + }, + { + "id": "9be915b0-9b9b-45e2-adfc-37f18b64d468", + "version": "WzEwMjIsMV0=", + "name": "nginx-http-servers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:04.248Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:04.248Z", - "updated_by": "elastic" + }, + "id": "nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "revision": 1, + "created_at": "2022-06-27T15:33:04.248Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:04.248Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file diff --git a/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json index 77939ff53..60cbdaa91 100644 --- a/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json +++ b/internal/dump/testdata/fleet-8-dump/package/agent_policies/8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f.json @@ -1,931 +1,931 @@ { - "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "name": "Load Balancers Servers", - "description": "", - "namespace": "default", - "monitoring_enabled": [ - "logs", - "metrics" - ], - "status": "active", - "is_managed": false, - "revision": 2, - "updated_at": "2022-06-27T15:33:59.587Z", - "updated_by": "elastic", - "package_policies": [ + "id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "name": "Load Balancers Servers", + "description": "", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "status": "active", + "is_managed": false, + "revision": 2, + "updated_at": "2022-06-27T15:33:59.587Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "a09f2609-9e8b-4b48-998f-ce99340da027", + "version": "WzEzMjAsMV0=", + "name": "system-3", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.16.2" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "fleet-default-output", + "inputs": [ { - "id": "a09f2609-9e8b-4b48-998f-ce99340da027", - "version": "WzEzMjAsMV0=", - "name": "system-3", - "namespace": "default", - "package": { - "name": "system", - "title": "System", - "version": "1.16.2" + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "fleet-default-output", - "inputs": [ - { - "type": "logfile", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.auth" - }, - "vars": { - "paths": { - "value": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "type": "text" - } - }, - "id": "logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/auth.log*", - "/var/log/secure*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.syslog" - }, - "vars": { - "paths": { - "value": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "type": "text" - } - }, - "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "paths": [ - "/var/log/messages*", - "/var/log/syslog*" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\s", - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "winlog", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Application", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "Security", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "event_id": { - "type": "text" - }, - "ignore_older": { - "value": "72h", - "type": "text" - }, - "language": { - "value": 0, - "type": "text" - }, - "tags": { - "value": [], - "type": "text" - }, - "processors": { - "type": "yaml" - } - }, - "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "name": "System", - "condition": "${host.platform} == 'windows'", - "ignore_older": "72h" - } - } - ] - }, - { - "type": "system/metrics", - "policy_template": "system", - "enabled": true, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "metrics", - "dataset": "system.core" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "core.metrics": { - "value": [ - "percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.cpu" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "cpu.metrics": { - "value": [ - "percentages", - "normalized_percentages" - ], - "type": "text" - } - }, - "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "cpu" - ], - "cpu.metrics": [ - "percentages", - "normalized_percentages" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.diskio" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "diskio.include_devices": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "diskio" - ], - "diskio.include_devices": null, - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.filesystem" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - }, - "filesystem.ignore_types": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "filesystem" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.fsstat" - }, - "vars": { - "period": { - "value": "1m", - "type": "text" - }, - "processors": { - "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", - "type": "yaml" - } - }, - "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "fsstat" - ], - "period": "1m", - "processors": [ - { - "drop_event.when.regexp": { - "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" - } - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.load" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "load" - ], - "condition": "${host.platform} != 'windows'", - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.memory" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "memory" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.network" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "network.interfaces": { - "value": [], - "type": "text" - } - }, - "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "network" - ], - "period": "10s", - "network.interfaces": null - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "process.include_top_n.by_cpu": { - "value": 5, - "type": "integer" - }, - "process.include_top_n.by_memory": { - "value": 5, - "type": "integer" - }, - "process.cmdline.cache.enabled": { - "value": true, - "type": "bool" - }, - "process.cgroups.enabled": { - "value": false, - "type": "bool" - }, - "process.env.whitelist": { - "value": [], - "type": "text" - }, - "process.include_cpu_ticks": { - "value": false, - "type": "bool" - }, - "processes": { - "value": [ - ".*" - ], - "type": "text" - } - }, - "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process" - ], - "period": "10s", - "process.include_top_n.by_cpu": 5, - "process.include_top_n.by_memory": 5, - "process.cmdline.cache.enabled": true, - "process.cgroups.enabled": false, - "process.include_cpu_ticks": false, - "processes": [ - ".*" - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.process.summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "process_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.socket_summary" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "socket_summary" - ], - "period": "10s" - } - }, - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "system.uptime" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - } - }, - "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", - "compiled_stream": { - "metricsets": [ - "uptime" - ], - "period": "10s" - } - } - ], - "vars": { - "system.hostfs": { - "type": "text" - } - } + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" }, - { - "type": "httpjson", - "policy_template": "system", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.application" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Application\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.security" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:Security\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "system.system" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=\"XmlWinEventLog:System\"", - "type": "text" - }, - "tags": { - "value": [ - "forwarded" - ], - "type": "text" - } - }, - "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } - } + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" + } + }, + "id": "winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "event_id": { + "type": "text" + }, + "ignore_older": { + "value": "72h", + "type": "text" + }, + "language": { + "value": 0, + "type": "text" + }, + "tags": { + "value": [], + "type": "text" + }, + "processors": { + "type": "yaml" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:55.519Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:55.519Z", - "updated_by": "elastic" + }, + "id": "winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h" + } + } + ] }, { - "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", - "version": "WzEzMjIsMV0=", - "name": "nginx-load-balancers-test", - "namespace": "default", - "description": "", - "package": { - "name": "nginx", - "title": "Nginx", - "version": "1.4.0" + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027" }, - "enabled": true, - "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", - "output_id": "", - "inputs": [ - { - "type": "logfile", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/access.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/access.log*" - ], - "tags": [ - "nginx-access" - ], - "exclude_files": [ - ".gz$" - ], - "processors": [ - { - "add_locale": null - } - ] - } - }, - { - "enabled": true, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "paths": { - "value": [ - "/var/log/nginx/error.log*" - ], - "type": "text" - }, - "tags": { - "value": [ - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "paths": [ - "/var/log/nginx/error.log*" - ], - "tags": [ - "nginx-error" - ], - "exclude_files": [ - ".gz$" - ], - "multiline": { - "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", - "negate": true, - "match": "after" - }, - "processors": [ - { - "add_locale": null - } - ] - } - } - ] - }, - { - "type": "httpjson", - "policy_template": "nginx", - "enabled": false, - "streams": [ - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.access" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:access", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-access" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" - }, - { - "enabled": false, - "data_stream": { - "type": "logs", - "dataset": "nginx.error" - }, - "vars": { - "interval": { - "value": "10s", - "type": "text" - }, - "search": { - "value": "search sourcetype=nginx:plus:error", - "type": "text" - }, - "tags": { - "value": [ - "forwarded", - "nginx-error" - ], - "type": "text" - }, - "preserve_original_event": { - "value": false, - "type": "bool" - }, - "processors": { - "type": "yaml" - } - }, - "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" - } - ], - "vars": { - "url": { - "value": "https://server.example.com:8089", - "type": "text" - }, - "username": { - "type": "text" - }, - "password": { - "type": "password" - }, - "token": { - "type": "password" - }, - "ssl": { - "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", - "type": "yaml" - } + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + }, + "filesystem.ignore_types": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" }, - { - "type": "nginx/metrics", - "policy_template": "nginx", - "enabled": true, - "streams": [ - { - "enabled": true, - "data_stream": { - "type": "metrics", - "dataset": "nginx.stubstatus" - }, - "vars": { - "period": { - "value": "10s", - "type": "text" - }, - "server_status_path": { - "value": "/nginx_status", - "type": "text" - } - }, - "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", - "compiled_stream": { - "metricsets": [ - "stubstatus" - ], - "hosts": [ - "http://127.0.0.1:80" - ], - "period": "10s", - "server_status_path": "/nginx_status" - } - } - ], - "vars": { - "hosts": { - "value": [ - "http://127.0.0.1:80" - ], - "type": "text" - } + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2022-06-27T15:33:55.519Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:55.519Z", + "updated_by": "elastic" + }, + { + "id": "46331ee9-90a9-4b1f-b568-98641e9bafc9", + "version": "WzEzMjIsMV0=", + "name": "nginx-load-balancers-test", + "namespace": "default", + "description": "", + "package": { + "name": "nginx", + "title": "Nginx", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f", + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/access.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/access.log*" + ], + "tags": [ + "nginx-access" + ], + "exclude_files": [ + ".gz$" + ], + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/nginx/error.log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "paths": [ + "/var/log/nginx/error.log*" + ], + "tags": [ + "nginx-error" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\d{4}\\/\\d{2}\\/\\d{2} ", + "negate": true, + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "nginx", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:access", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "nginx.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=nginx:plus:error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "nginx-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "nginx/metrics", + "policy_template": "nginx", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "nginx.stubstatus" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "server_status_path": { + "value": "/nginx_status", + "type": "text" } - ], - "revision": 1, - "created_at": "2022-06-27T15:33:58.606Z", - "created_by": "elastic", - "updated_at": "2022-06-27T15:33:58.606Z", - "updated_by": "elastic" + }, + "id": "nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9", + "compiled_stream": { + "metricsets": [ + "stubstatus" + ], + "hosts": [ + "http://127.0.0.1:80" + ], + "period": "10s", + "server_status_path": "/nginx_status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1:80" + ], + "type": "text" + } + } } - ], - "agents": 0 + ], + "revision": 1, + "created_at": "2022-06-27T15:33:58.606Z", + "created_by": "elastic", + "updated_at": "2022-06-27T15:33:58.606Z", + "updated_by": "elastic" + } + ], + "agents": 0 } \ No newline at end of file