Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Nginx] Add Missing ECS Field Mappings #6920

Closed
wants to merge 6 commits into from
Closed

[Nginx] Add Missing ECS Field Mappings #6920

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
baf74ac
Add missing ECS field mappings
MakoWish Jul 11, 2023
fc11063
Merge branch 'nginx_field_mappings' of https://github.com/MakoWish/in…
MakoWish Jul 11, 2023
5346fb6
Add entry to changelog and increment version in manifest
MakoWish Jul 11, 2023
5ff4be2
Merge branch 'nginx_field_mappings' of https://github.com/MakoWish/in…
MakoWish Jul 11, 2023
8a0bd29
Change type was accidentally put as enhancement instead of bugfix
MakoWish Jul 11, 2023
efe4698
Removed non-ECS field definition from ecs.yml
MakoWish Jul 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/nginx/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.15.1"
changes:
- description: Add missing ECS field mappings
type: bugfix
link: https://github.com/elastic/integrations/pull/6920
- version: "1.15.0"
changes:
- description: Enable time series data streams for the metrics datasets. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html
Expand Down
24 changes: 12 additions & 12 deletions packages/nginx/data_stream/access/_dev/test/pipeline/test-access.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640507096Z",
"ingested": "2023-08-14T16:15:39.257935331Z",
"kind": "event",
"original": "67.43.156.13 - - [25/Oct/2016:14:49:33 +0200] \"GET / HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36\"",
"outcome": "success",
Expand Down Expand Up @@ -91,7 +91,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640525096Z",
"ingested": "2023-08-14T16:15:39.257975407Z",
"kind": "event",
"original": "67.43.156.13 - - [25/Oct/2016:14:49:34 +0200] \"GET /favicon.ico HTTP/1.1\" 404 571 \"http://localhost:8080/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36\"",
"outcome": "failure",
Expand Down Expand Up @@ -173,7 +173,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640527429Z",
"ingested": "2023-08-14T16:15:39.257978393Z",
"kind": "event",
"original": "67.43.156.13 - - [25/Oct/2016:14:50:44 +0200] \"GET /adsasd HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36\"",
"outcome": "failure",
Expand Down Expand Up @@ -253,7 +253,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640529221Z",
"ingested": "2023-08-14T16:15:39.257980557Z",
"kind": "event",
"original": "67.43.156.13 - - [07/Dec/2016:10:34:43 +0100] \"GET / HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
"outcome": "success",
Expand Down Expand Up @@ -333,7 +333,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640530971Z",
"ingested": "2023-08-14T16:15:39.257982611Z",
"kind": "event",
"original": "67.43.156.13 - - [07/Dec/2016:10:34:43 +0100] \"GET /favicon.ico HTTP/1.1\" 404 571 \"http://localhost:8080/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
"outcome": "failure",
Expand Down Expand Up @@ -415,7 +415,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640532637Z",
"ingested": "2023-08-14T16:15:39.257984705Z",
"kind": "event",
"original": "67.43.156.13 - - [07/Dec/2016:10:43:18 +0100] \"GET /test HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
"outcome": "failure",
Expand Down Expand Up @@ -495,7 +495,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640534387Z",
"ingested": "2023-08-14T16:15:39.257986608Z",
"kind": "event",
"original": "67.43.156.13 - - [07/Dec/2016:10:43:21 +0100] \"GET /test HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
"outcome": "failure",
Expand Down Expand Up @@ -575,7 +575,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640536054Z",
"ingested": "2023-08-14T16:15:39.257988842Z",
"kind": "event",
"original": "67.43.156.13 - - [07/Dec/2016:10:43:23 +0100] \"GET /test1 HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
"outcome": "failure",
Expand Down Expand Up @@ -655,7 +655,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640537762Z",
"ingested": "2023-08-14T16:15:39.257990926Z",
"kind": "event",
"original": "127.0.0.1 - - [07/Dec/2016:11:04:37 +0100] \"GET /test1 HTTP/1.1\" 404 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36\"",
"outcome": "failure",
Expand Down Expand Up @@ -723,7 +723,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640539429Z",
"ingested": "2023-08-14T16:15:39.257992940Z",
"kind": "event",
"original": "127.0.0.1 - - [07/Dec/2016:11:04:58 +0100] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
"outcome": "success",
Expand Down Expand Up @@ -791,7 +791,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640541096Z",
"ingested": "2023-08-14T16:15:39.257997038Z",
"kind": "event",
"original": "127.0.0.1 - - [07/Dec/2016:11:04:59 +0100] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
"outcome": "success",
Expand Down Expand Up @@ -859,7 +859,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.640542887Z",
"ingested": "2023-08-14T16:15:39.257999452Z",
"kind": "event",
"original": "127.0.0.1 - - [07/Dec/2016:11:05:07 +0100] \"GET /taga HTTP/1.1\" 404 169 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"\nlessons.example.com 192.168.0.1 - - [09/Jun/2020:12:10:39 -0700] \"GET /A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4 HTTP/1.1\" 206 7648063 \"http://lessons.example.com/A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4\" \"Mozilla/5.0 (Linux; Android 5.1.1; KFFOWI) AppleWebKit/537.36 (KHTML, like Gecko) Silk/81.2.16 like Chrome/81.0.4044.138 Safari/537.36\"\nlessons.example.com 192.168.0.1 - - [09/Jun/2020:12:15:39 -0700] \"GET /%D0%A0%D1%83%D1%81%D1%81%D0%BA%D0%B0%D1%8F%20%D1%88%D0%BA%D0%BE%D0%BB%D0%B0%20-%20InternetUrok%201%D0%BA%D0%BB%D0%B0%D1%81%D1%81/ HTTP/1.1\" 206 7648063 \"http://lessons.example.com/A%20Beka%20G1%20Howe/029_AND_30/15%20reading%20elephants.mp4\" \"Mozilla/5.0 (Linux; Android 5.1.1; KFFOWI) AppleWebKit/537.36 (KHTML, like Gecko) Silk/81.2.16 like Chrome/81.0.4044.138 Safari/537.36\"",
"outcome": "failure",
Expand Down
10 changes: 5 additions & 5 deletions packages/nginx/data_stream/access/_dev/test/pipeline/test-nginx.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.725697721Z",
"ingested": "2023-08-14T16:15:39.426582165Z",
"kind": "event",
"original": "10.0.0.2, 10.0.0.1, 127.0.0.1 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
"outcome": "success",
Expand Down Expand Up @@ -81,7 +81,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.725715762Z",
"ingested": "2023-08-14T16:15:39.426599247Z",
"kind": "event",
"original": "172.17.0.1 - - [29/May/2017:19:02:48 +0000] \"GET /stringpatch HTTP/1.1\" 404 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"",
"outcome": "failure",
Expand Down Expand Up @@ -149,7 +149,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.725718054Z",
"ingested": "2023-08-14T16:15:39.426601441Z",
"kind": "event",
"original": "10.0.0.2, 10.0.0.1, 67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"",
"outcome": "success",
Expand Down Expand Up @@ -231,7 +231,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.725719804Z",
"ingested": "2023-08-14T16:15:39.426603465Z",
"kind": "event",
"original": "67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\"\n\"10.5.102.222, 199.96.1.1, 204.246.1.1\" 10.2.1.185 - - [22/Jan/2016:13:18:29 +0000] \"GET /assets/xxxx?q=100 HTTP/1.1\" 200 25507 \"-\" \"Amazon CloudFront\"\n2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6, 10.225.192.17 10.2.2.121 - - [30/Dec/2016:06:47:09 +0000] \"GET /test.html HTTP/1.1\" 404 8571 \"-\" \"Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)\"",
"outcome": "success",
Expand Down Expand Up @@ -310,7 +310,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.725721554Z",
"ingested": "2023-08-14T16:15:39.426605509Z",
"kind": "event",
"original": "127.0.0.1 - - [12/Apr/2018:09:48:40 +0200] \"\" 400 0 \"-\" \"-\"\nunix: - - [26/Feb/2019:15:39:42 +0100] \"hello\" 400 173 \"-\" \"-\"\nlocalhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\nlocalhost, localhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\n",
"outcome": "failure",
Expand Down
8 changes: 4 additions & 4 deletions packages/nginx/data_stream/access/_dev/test/pipeline/test-test-with-host.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.777617179Z",
"ingested": "2023-08-14T16:15:39.533322711Z",
"kind": "event",
"original": "example.com 10.0.0.2, 10.0.0.1, 127.0.0.1 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"\nexample.com 172.17.0.1 - - [29/May/2017:19:02:48 +0000] \"GET /stringpatch HTTP/1.1\" 404 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\nexample.com 10.0.0.2, 10.0.0.1, 67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0\"\nexample.com:80 67.43.156.14 - - [07/Dec/2016:11:05:07 +0100] \"GET /ocelot HTTP/1.1\" 200 571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\"\nexample.com:80 \"10.5.102.222, 199.96.1.1, 204.246.1.1\" 10.2.1.185 - - [22/Jan/2016:13:18:29 +0000] \"GET /assets/xxxx?q=100 HTTP/1.1\" 200 25507 \"-\" \"Amazon CloudFront\"",
"outcome": "success",
Expand Down Expand Up @@ -88,7 +88,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.777634971Z",
"ingested": "2023-08-14T16:15:39.533339062Z",
"kind": "event",
"original": "67.43.156.15 2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6, 10.225.192.17 10.2.2.121 - - [30/Dec/2016:06:47:09 +0000] \"GET /test.html HTTP/1.1\" 404 8571 \"-\" \"Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)\"",
"outcome": "failure",
Expand Down Expand Up @@ -167,7 +167,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.777637262Z",
"ingested": "2023-08-14T16:15:39.533341597Z",
"kind": "event",
"original": "67.43.156.15:80 127.0.0.1 - - [12/Apr/2018:09:48:40 +0200] \"\" 400 0 \"-\" \"-\"\nexample.com:80 unix: - - [26/Feb/2019:15:39:42 +0100] \"hello\" 400 173 \"-\" \"-\"",
"outcome": "failure",
Expand Down Expand Up @@ -218,7 +218,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.777639137Z",
"ingested": "2023-08-14T16:15:39.533343691Z",
"kind": "event",
"original": "67.43.156.15 localhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"\nexample.com localhost, localhost - - [29/May/2017:19:02:48 +0000] \"GET /test2 HTTP/1.1\" 200 612 \"-\" \"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\" \"-\"",
"outcome": "success",
Expand Down
36 changes: 36 additions & 0 deletions packages/nginx/data_stream/access/fields/ecs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,33 @@
- external: ecs
name: destination.address
- external: ecs
name: destination.as.number
- external: ecs
name: destination.as.organization.name
- external: ecs
name: destination.domain
- external: ecs
name: destination.geo.city_name
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to add these mapping for destination.geo.*, as I dont see these fields being populated somewhere in nginx.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They are not populated by Nginx, but any customer that wants to enrich the data with Geo Location will require these fields to be mapped.

- external: ecs
name: destination.geo.continent_code
- external: ecs
name: destination.geo.continent_name
- external: ecs
name: destination.geo.country_iso_code
- external: ecs
name: destination.geo.country_name
- external: ecs
name: destination.geo.location
- external: ecs
name: destination.geo.name
- external: ecs
name: destination.geo.postal_code
- external: ecs
name: destination.geo.region_iso_code
- external: ecs
name: destination.geo.region_name
- external: ecs
name: destination.geo.timezone
- external: ecs
name: destination.ip
- external: ecs
Expand Down Expand Up @@ -30,6 +58,8 @@
name: source.as.organization.name
- external: ecs
name: source.geo.city_name
- external: ecs
name: source.geo.continent_code
- external: ecs
name: source.geo.continent_name
- external: ecs
Expand All @@ -40,10 +70,16 @@
level: core
name: source.geo.location
type: geo_point
- external: ecs
name: source.geo.name
- external: ecs
name: source.geo.postal_code
- external: ecs
name: source.geo.region_iso_code
- external: ecs
name: source.geo.region_name
- external: ecs
name: source.geo.timezone
- external: ecs
name: source.ip
- external: ecs
Expand Down
8 changes: 4 additions & 4 deletions packages/nginx/data_stream/error/_dev/test/pipeline/test-error-raw.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.961425637Z",
"ingested": "2023-08-14T16:15:40.160870483Z",
"kind": "event",
"original": "2016/10/25 14:49:34 [error] 54053#0: *1 open() \"/usr/local/Cellar/nginx/1.10.2_1/html/favicon.ico\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /favicon.ico HTTP/1.1\", host: \"localhost:8080\", referrer: \"http://localhost:8080/\"",
"type": [
Expand Down Expand Up @@ -46,7 +46,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.961441971Z",
"ingested": "2023-08-14T16:15:40.160883417Z",
"kind": "event",
"original": "2016/10/25 14:50:44 [error] 54053#0: *3 open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /adsasd HTTP/1.1\", host: \"localhost:8080\"",
"type": [
Expand Down Expand Up @@ -82,7 +82,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.961444512Z",
"ingested": "2023-08-14T16:15:40.160885912Z",
"kind": "event",
"original": "2019/10/30 23:26:34 [error] 205860#205860: *180289 FastCGI sent in stderr: \"PHP message: PHP Warning: Declaration of FEE_Field_Terms::wrap($content, $taxonomy, $before, $sep, $after) should be compatible with FEE_Field_Post::wrap($content, $post_id = 0) in /var/www/xxx/web/wp-content/plugins/front-end-editor/php/fields/post.php on line 0\nPHP message: PHP Warning: Declaration of FEE_Field_Tags::wrap($content, $before, $sep, $after) should be compatible with FEE_Field_Terms::wrap($content, $taxonomy, $before, $sep, $after) in /var/www/xxx/web/wp-content/plugins/front-end-editor/php/fields/post.php on line 0\nPHP message: PHP Warning: Declaration of FEE_Field_Category::wrap($content, $sep, $parents) should be compatible with FEE_Field_Terms::wrap($content, $taxonomy, $before, $sep, $after) in /var/www/xxx/web/wp-content/plugins/front-end-editor/php/fields/post.php on line 0",
"type": [
Expand Down Expand Up @@ -118,7 +118,7 @@
"web"
],
"created": "2020-04-28T11:07:58.223Z",
"ingested": "2022-12-09T10:33:39.961446596Z",
"ingested": "2023-08-14T16:15:40.160887865Z",
"kind": "event",
"original": "2019/11/05 14:50:44 [error] 54053#0: *3 open() \"/usr/local/Cellar/nginx/1.10.2_1/html/adsasd\" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: \"GET /pysio HTTP/1.1\", host: \"localhost:8080\"",
"type": [
Expand Down
48 changes: 48 additions & 0 deletions packages/nginx/data_stream/error/fields/ecs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,28 @@
name: ecs.version
- external: ecs
name: host.ip
- external: ecs
name: host.geo.city_name
- external: ecs
name: host.geo.continent_code
- external: ecs
name: host.geo.continent_name
- external: ecs
name: host.geo.country_iso_code
- external: ecs
name: host.geo.country_name
- external: ecs
name: host.geo.location
- external: ecs
name: host.geo.name
- external: ecs
name: host.geo.postal_code
- external: ecs
name: host.geo.region_iso_code
- external: ecs
name: host.geo.region_name
- external: ecs
name: host.geo.timezone
- external: ecs
name: log.file.path
- external: ecs
Expand All @@ -12,5 +34,31 @@
name: process.pid
- external: ecs
name: process.thread.id
- external: ecs
name: related.ip
- external: ecs
name: source.geo.city_name
- external: ecs
name: source.geo.continent_code
- external: ecs
name: source.geo.continent_name
- external: ecs
name: source.geo.country_iso_code
- external: ecs
name: source.geo.country_name
- external: ecs
name: source.geo.location
- external: ecs
name: source.geo.name
- external: ecs
name: source.geo.postal_code
- external: ecs
name: source.geo.region_iso_code
- external: ecs
name: source.geo.region_name
- external: ecs
name: source.geo.timezone
- external: ecs
name: source.ip
- external: ecs
name: tags
Loading