Fix fields
legoguy1000 committed Aug 26, 2021
1 parent 3eac588 commit 3882f90
Showing 8 changed files with 275 additions and 533 deletions.
Expand Up @@ -38,7 +38,7 @@
},
"event": {
"duration": 76967000,
"ingested": "2021-08-10T12:16:43.225275533Z",
"ingested": "2021-08-26T12:37:08.253067515Z",
"original": "{\"ts\":1547188415.857497,\"uid\":\"CAcJw21BbVedgFnYH3\",\"id.orig_h\":\"192.168.86.167\",\"id.orig_p\":38339,\"id.resp_h\":\"192.168.86.1\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.076967,\"orig_bytes\":75,\"resp_bytes\":178,\"conn_state\":\"SF\",\"local_orig\":true,\"local_resp\":true,\"missed_bytes\":0,\"history\":\"Dd\",\"orig_pkts\":1,\"orig_ip_bytes\":103,\"resp_pkts\":1,\"resp_ip_bytes\":206,\"tunnel_parents\":[]}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -117,7 +117,7 @@
},
"event": {
"duration": 76967000,
"ingested": "2021-08-10T12:16:43.225299658Z",
"ingested": "2021-08-26T12:37:08.253113730Z",
"original": "{\"ts\":1547188416.857497,\"uid\":\"CAcJw21BbVedgFnYH4\",\"id.orig_h\":\"192.168.86.167\",\"id.orig_p\":38340,\"id.resp_h\":\"8.8.8.8\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.076967,\"orig_bytes\":75,\"resp_bytes\":178,\"conn_state\":\"SF\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Dd\",\"orig_pkts\":1,\"orig_ip_bytes\":103,\"resp_pkts\":1,\"resp_ip_bytes\":206,\"tunnel_parents\":[]}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -211,7 +211,7 @@
},
"event": {
"duration": 76967000,
"ingested": "2021-08-10T12:16:43.225307774Z",
"ingested": "2021-08-26T12:37:08.253137894Z",
"original": "{\"ts\":1547188417.857497,\"uid\":\"CAcJw21BbVedgFnYH5\",\"id.orig_h\":\"4.4.2.2\",\"id.orig_p\":38334,\"id.resp_h\":\"8.8.8.8\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.076967,\"orig_bytes\":75,\"resp_bytes\":178,\"conn_state\":\"SF\",\"local_orig\":false,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Dd\",\"orig_pkts\":1,\"orig_ip_bytes\":103,\"resp_pkts\":1,\"resp_ip_bytes\":206,\"tunnel_parents\":[]}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -275,7 +275,7 @@
"ip": "192.0.2.205"
},
"event": {
"ingested": "2021-08-10T12:16:43.225310341Z",
"ingested": "2021-08-26T12:37:08.253152215Z",
"original": "{\"ts\":1551399000.57855,\"uid\":\"Cc6NJ3GRlfjE44I3h\",\"id.orig_h\":\"192.0.2.205\",\"id.orig_p\":3,\"id.resp_h\":\"198.51.100.249\",\"id.resp_p\":3,\"proto\":\"icmp\",\"conn_state\":\"OTH\",\"local_orig\":false,\"local_resp\":false,\"missed_bytes\":0,\"orig_pkts\":1,\"orig_ip_bytes\":107,\"resp_pkts\":0,\"resp_ip_bytes\":0,\"tunnel_parents\":[]}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -354,7 +354,7 @@
"ip": "10.156.0.2"
},
"event": {
"ingested": "2021-08-10T12:16:43.225312808Z",
"ingested": "2021-08-26T12:37:08.253166885Z",
"original": "{\"ts\":1617062400.404645,\"uid\":\"CCicIg43lOtCQOxXnb\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":56190,\"id.resp_h\":\"46.101.87.151\",\"id.resp_p\":443,\"proto\":\"tcp\",\"conn_state\":\"OTH\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"C\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":0,\"resp_ip_bytes\":0}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -434,7 +434,7 @@
},
"event": {
"duration": 103708982,
"ingested": "2021-08-10T12:16:43.225315271Z",
"ingested": "2021-08-26T12:37:08.253183090Z",
"original": "{\"ts\":1617062100.419397,\"uid\":\"C52mXBCPJ4pPGkhr1\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":60810,\"id.resp_h\":\"20.190.160.73\",\"id.resp_p\":443,\"proto\":\"tcp\",\"duration\":0.10370898246765137,\"orig_bytes\":0,\"resp_bytes\":5854,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"^hCcdafA\",\"orig_pkts\":1,\"orig_ip_bytes\":52,\"resp_pkts\":4,\"resp_ip_bytes\":267}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -514,7 +514,7 @@
},
"event": {
"duration": 104128838,
"ingested": "2021-08-10T12:16:43.225317743Z",
"ingested": "2021-08-26T12:37:08.253198430Z",
"original": "{\"ts\":1617062100.419603,\"uid\":\"CTzCky2CyLT5JJvHck\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":60804,\"id.resp_h\":\"20.190.160.73\",\"id.resp_p\":443,\"proto\":\"tcp\",\"duration\":0.10412883758544922,\"orig_bytes\":0,\"resp_bytes\":5854,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"^hCcdafA\",\"orig_pkts\":1,\"orig_ip_bytes\":52,\"resp_pkts\":4,\"resp_ip_bytes\":267}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -594,7 +594,7 @@
},
"event": {
"duration": 104333878,
"ingested": "2021-08-10T12:16:43.225320249Z",
"ingested": "2021-08-26T12:37:08.253214584Z",
"original": "{\"ts\":1617062100.419826,\"uid\":\"CIkS28PDxqQnN49m2\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":60802,\"id.resp_h\":\"20.190.160.73\",\"id.resp_p\":443,\"proto\":\"tcp\",\"duration\":0.10433387756347656,\"orig_bytes\":0,\"resp_bytes\":5854,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"^hCcdafA\",\"orig_pkts\":1,\"orig_ip_bytes\":52,\"resp_pkts\":4,\"resp_ip_bytes\":267}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -656,7 +656,7 @@
},
"event": {
"duration": 26802063,
"ingested": "2021-08-10T12:16:43.225322698Z",
"ingested": "2021-08-26T12:37:08.253228176Z",
"original": "{\"ts\":1617062390.563187,\"uid\":\"CezEGe4jeLNkayV976\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":38948,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.02680206298828125,\"orig_bytes\":0,\"resp_bytes\":241,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Cd\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":1,\"resp_ip_bytes\":269}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -719,7 +719,7 @@
},
"event": {
"duration": 25056124,
"ingested": "2021-08-10T12:16:43.225325161Z",
"ingested": "2021-08-26T12:37:08.253241303Z",
"original": "{\"ts\":1617062390.563442,\"uid\":\"CKSr3w18mmW6t7bXC4\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":40080,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.025056123733520509,\"orig_bytes\":0,\"resp_bytes\":276,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Cd\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":1,\"resp_ip_bytes\":304}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -782,7 +782,7 @@
},
"event": {
"duration": 3319979,
"ingested": "2021-08-10T12:16:43.225327579Z",
"ingested": "2021-08-26T12:37:08.253258868Z",
"original": "{\"ts\":1617062390.667048,\"uid\":\"CGUiHy4kLIF2ml95eg\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":41407,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.003319978713989258,\"orig_bytes\":0,\"resp_bytes\":133,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Cd\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":1,\"resp_ip_bytes\":161}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -845,7 +845,7 @@
},
"event": {
"duration": 1111984,
"ingested": "2021-08-10T12:16:43.225330390Z",
"ingested": "2021-08-26T12:37:08.253273597Z",
"original": "{\"ts\":1617062390.698943,\"uid\":\"CAOZZi4Qrio7gUVgVc\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":50487,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.0011119842529296876,\"orig_bytes\":0,\"resp_bytes\":202,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Cd\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":1,\"resp_ip_bytes\":230}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -908,7 +908,7 @@
},
"event": {
"duration": 908852,
"ingested": "2021-08-10T12:16:43.225332830Z",
"ingested": "2021-08-26T12:37:08.253287095Z",
"original": "{\"ts\":1617062390.699227,\"uid\":\"Chx5fs3xQ5ALB72i4e\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":49647,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.0009088516235351563,\"orig_bytes\":0,\"resp_bytes\":145,\"conn_state\":\"SHR\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Cd\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":1,\"resp_ip_bytes\":173}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -970,7 +970,7 @@
"ip": "10.156.0.2"
},
"event": {
"ingested": "2021-08-10T12:16:43.225335244Z",
"ingested": "2021-08-26T12:37:08.253306054Z",
"original": "{\"ts\":1617062400.703865,\"uid\":\"C3pPjh1YRYcVDiZD3\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":44944,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":80,\"proto\":\"tcp\",\"conn_state\":\"OTH\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"C\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":0,\"resp_ip_bytes\":0}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -1031,7 +1031,7 @@
"ip": "10.156.0.2"
},
"event": {
"ingested": "2021-08-10T12:16:43.225337683Z",
"ingested": "2021-08-26T12:37:08.253319736Z",
"original": "{\"ts\":1617062400.703851,\"uid\":\"ChUxTmYLG37oO5qUb\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":44942,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":80,\"proto\":\"tcp\",\"conn_state\":\"OTH\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"C\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":0,\"resp_ip_bytes\":0}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -1092,7 +1092,7 @@
"ip": "10.156.0.2"
},
"event": {
"ingested": "2021-08-10T12:16:43.225340124Z",
"ingested": "2021-08-26T12:37:08.253332989Z",
"original": "{\"ts\":1617062400.704467,\"uid\":\"CpeAOT3B11CTXJgzw2\",\"id.orig_h\":\"10.156.0.2\",\"id.orig_p\":44946,\"id.resp_h\":\"169.254.169.254\",\"id.resp_p\":80,\"proto\":\"tcp\",\"conn_state\":\"OTH\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"C\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":0,\"resp_ip_bytes\":0}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -1205,7 +1205,7 @@
},
"event": {
"duration": 76967000,
"ingested": "2021-08-10T12:16:43.225342661Z",
"ingested": "2021-08-26T12:37:08.253346340Z",
"original": "{\"ts\":1547188417.857497,\"uid\":\"CAcJw21BbVedgFnYH5\",\"id.orig_h\":\"4.4.2.2\",\"id.orig_p\":38334,\"id.resp_h\":\"8.8.8.8\",\"id.resp_p\":53,\"proto\":\"udp\",\"service\":\"dns\",\"duration\":0.076967,\"orig_bytes\":75,\"resp_bytes\":178,\"conn_state\":\"SF\",\"local_orig\":false,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"Dd\",\"orig_pkts\":1,\"orig_ip_bytes\":103,\"resp_pkts\":1,\"resp_ip_bytes\":206,\"tunnel_parents\":[]}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -1270,7 +1270,7 @@
"ip": "10.0.2.15"
},
"event": {
"ingested": "2021-08-10T12:16:43.225345083Z",
"ingested": "2021-08-26T12:37:08.253359559Z",
"original": "{\"ts\":\"2021-06-09T20:55:13.160328Z\",\"uid\":\"C2KP1V3alRLoxl4JB9\",\"id.orig_h\":\"10.0.2.15\",\"id.orig_p\":46408,\"id.resp_h\":\"172.217.9.68\",\"id.resp_p\":80,\"proto\":\"tcp\",\"conn_state\":\"OTH\",\"local_orig\":true,\"local_resp\":false,\"missed_bytes\":0,\"history\":\"C\",\"orig_pkts\":0,\"orig_ip_bytes\":0,\"resp_pkts\":0,\"resp_ip_bytes\":0}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Up @@ -64,7 +64,7 @@
"ip": "130.118.205.62"
},
"event": {
"ingested": "2021-08-10T12:16:45.963639174Z",
"ingested": "2021-08-26T12:37:14.367022936Z",
"original": "{\"ts\":1602116947.977,\"uid\":\"CqlPpF1AQVLMPgGiL5\",\"id.orig_h\":\"130.118.205.62\",\"id.orig_p\":38461,\"id.resp_h\":\"208.79.89.249\",\"id.resp_p\":123,\"version\":4,\"mode\":3,\"stratum\":0,\"poll\":1,\"precision\":1,\"root_delay\":0,\"root_disp\":0,\"ref_id\":\"\\\\x00\\\\x00\\\\x00\\\\x00\",\"ref_time\":0,\"org_time\":0,\"rec_time\":0,\"xmt_time\":1602116947.215,\"num_exts\":0}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
Expand Down Expand Up @@ -150,7 +150,7 @@
"ip": "130.118.205.62"
},
"event": {
"ingested": "2021-08-10T12:16:45.963645447Z",
"ingested": "2021-08-26T12:37:14.367053691Z",
"original": "{\"ts\":1602116948.081,\"uid\":\"CqlPpF1AQVLMPgGiL5\",\"id.orig_h\":\"130.118.205.62\",\"id.orig_p\":38461,\"id.resp_h\":\"208.79.89.249\",\"id.resp_p\":123,\"version\":4,\"mode\":4,\"stratum\":2,\"poll\":8,\"precision\":5.960464477539063e-8,\"root_delay\":0.00921630859375,\"root_disp\":0.0212249755859375,\"ref_id\":\"127.67.113.92\",\"ref_time\":1602116655.942,\"org_time\":1602116947.215,\"rec_time\":1602116947.964,\"xmt_time\":1602116947.964,\"num_exts\":0}",
"created": "2020-04-28T11:07:58.223Z",
"kind": "event",
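--- a/packages/zeek/data_stream/ntp/fields/base-fields.yml
+++ b/packages/zeek/data_stream/ntp/fields/base-fields.yml
@@ -14,7 +14,7 @@
 - name: event.dataset
 type: constant_keyword
 description: Event dataset
-value: zeek.connection
+value: zeek.ntp
 - name: '@timestamp'
 type: date
 description: Event timestamp.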
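Review bot: The corrected `value: zeek.ntp` on `event.dataset` only holds if everything else that writes this field agrees with it; a `constant_keyword` mapping rejects any document whose value differs from the mapped constant, so an ingest pipeline or manifest still emitting `zeek.connection` for this stream would turn the fix into indexing failures rather than mislabelled events. Neither the NTP ingest pipeline nor the data stream manifest is visible in this commit as shown, so it is worth confirming both carry `zeek.ntp`. The same copy-paste slip may exist in other data streams' `base-fields.yml`; a search for `value: zeek.connection` outside the connection stream would surface any remaining ones. Until mapping and pipeline agree, detections and dashboards filtering on `event.dataset: zeek.ntp` miss these events without any error.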
